Customizing log field behaviors
Use customized log field behaviors on a per-field basis to balance your organization’s needs for logs that are both useful and secure.
About this task
You can use the following properties to configure log field behaviors for predefined fields in either WriterBasedAccessLogFields or JSONAccessLogFields, or for custom log fields in third-party plugins.
Behavior | Predefined field configuration property | Custom field configuration property |
---|---|---|
Preserve | | |
Omit | | |
Redact entire value | | |
Redact value components | | |
Tokenize entire value | | |
Tokenize value components | | |
For more information on log field behaviors, see Log sanitization options.
Steps
- To create customized log field behaviors on a per-field basis, run dsconfig create-log-field-behavior.

  Example:

  The following example defines a log field behavior object so that the logger tokenizes the values of log fields that are expected to contain host names or IP addresses:

      dsconfig create-log-field-behavior \
        --behavior-name "Tokenize Hostnames" \
        --type text-access \
        --set tokenize-value-components-field:connect-from-address \
        --set tokenize-value-components-field:connect-to-address \
        --set tokenize-value-components-field:entry-rebalancing-source-server \
        --set tokenize-value-components-field:entry-rebalancing-target-server \
        --set tokenize-value-components-field:externally-processed-bind-end-client-ip-address \
        --set tokenize-value-components-field:requester-ip-address \
        --set tokenize-value-components-field:servers-accessed \
        --set tokenize-value-components-field:target-host

  Example:

  The following example defines a log field behavior object so that the logger tokenizes the entire field value of a third-party access log field named myCustomField:

      dsconfig create-log-field-behavior \
        --behavior-name "My Log Field Behavior" \
        --type text-access \
        --set tokenize-entire-value-field-name:myCustomField

  Because the log field behavior does not define a default behavior, it only affects the manner in which specific fields are logged. The default behavior that is configured for the associated log field syntax is used for all other fields.

- To associate the log field behavior you created with the loggers in which it should be used, run dsconfig set-log-publisher-prop.

  Example:

  The following example sets the default log field behavior created in the first example, "Tokenize Hostnames", for the file-based access logger:

      dsconfig set-log-publisher-prop \
        --publisher-name "File-Based Access Logger" \
        --set log-field-behavior:"Tokenize Hostnames"

- To finalize your changes, restart the server:

      bin/stop-server --restart
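
A check to run after the restart, as an added example that is not part of the product documentation: it lists the log keys whose values still contain a raw IPv4 literal, which points to a field the "Tokenize Hostnames" behavior does not yet cover. The sample log lines, their key names and the token placeholder are constructed for illustration, and only IPv4 literals are detected, not host names or IPv6 addresses.

```shell
#!/bin/sh
# Added example, not part of the product documentation.
# Lists the log keys whose values still contain a raw IPv4 literal.

# Loose IPv4 pattern: enough to spot leftovers, not a strict validator
# (it also matches dotted version strings such as 1.2.3.4).
IPV4='([0-9]{1,3}\.){3}[0-9]{1,3}'

leaked_ip_fields() {
    # stdin: access log lines; stdout: sorted, unique key names.
    # 1. split each line into key=value pairs (quoted or bare values)
    # 2. keep only the pairs whose value holds an IPv4 literal
    # 3. keep the key name and de-duplicate
    grep -oE '[A-Za-z][A-Za-z0-9_-]*=("[^"]*"|[^ ]+)' |
        grep -E "=.*${IPV4}" |
        cut -d= -f1 |
        sort -u
}

# Constructed sample lines. The key names (from, to, requesterIP) and the
# {TOKENIZED:...} placeholder are assumptions; substitute lines from your
# own access log and your own field names.
SAMPLE_BEFORE='[01/Jan/2024:00:00:01 +0000] CONNECT conn=1 from="192.0.2.10:51234" to="198.51.100.5:1389" protocol="LDAP"
[01/Jan/2024:00:00:02 +0000] BIND REQUEST conn=1 op=0 requesterIP="192.0.2.10" dn="uid=alice,dc=example,dc=com"'

SAMPLE_AFTER='[01/Jan/2024:00:10:01 +0000] CONNECT conn=1 from="{TOKENIZED:a1b2c3}" to="{TOKENIZED:d4e5f6}" protocol="LDAP"
[01/Jan/2024:00:10:02 +0000] BIND REQUEST conn=1 op=0 requesterIP="{TOKENIZED:a1b2c3}" dn="uid=alice,dc=example,dc=com"'

# Before the behavior is applied, three keys expose addresses; after, none do.
echo "before: $(printf '%s\n' "$SAMPLE_BEFORE" | leaked_ip_fields | tr '\n' ' ')"
echo "after:  $(printf '%s\n' "$SAMPLE_AFTER" | leaked_ip_fields | tr '\n' ' ')"
```

To check a real log, pipe it into the function (for example `leaked_ip_fields < logs/access`, where the path is an assumption); any key it prints is a candidate for another `tokenize-value-components-field` entry.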