Masking sensitive information during logging using log4j

When you use the log4j utility for logging, you can filter log messages to prevent sensitive data from being written to the verbose log.

This helps prevent sensitive information, such as CVV2 codes, from being logged in the verbose log messages. By default, only the value of Secure Authentication Code is masked.

Sterling Selling and Fulfillment Foundation provides a custom log4j Layout and Filter. The custom Layout first delegates to a normal PatternLayout to get a formatted message. When the formatted message is received, the custom Layout filters the result based on a set of configurable regular expressions before finally returning the filtered string. The custom Filter enables you to match the message against regular expressions and mask the message if it matches.
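The delegate-then-mask flow of such a Layout, as an added example (this is not the product's implementation and not code from the original page). It assumes the log4j 1.2 API is on the classpath; the class name, the regular expressions and the sample message are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

import org.apache.log4j.Layout;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.log4j.PatternLayout;
import org.apache.log4j.spi.LoggingEvent;

/** Hypothetical layout: format with PatternLayout, then mask by regular expression. */
public class MaskingLayoutExample extends Layout {
    private final PatternLayout delegate = new PatternLayout("%d %-5p %c - %m%n");
    // Constructed rules (pattern -> replacement), applied in insertion order.
    private final Map<Pattern, String> rules = new LinkedHashMap<>();

    public MaskingLayoutExample() {
        // Mask only the value; keep the attribute or element name so the log stays readable.
        rules.put(Pattern.compile("(?i)(cvv2\\s*=\\s*\")[^\"]*(\")"), "$1****$2");
        rules.put(Pattern.compile("(?i)(<cvv2>)[^<]*(</cvv2>)"), "$1****$2");
    }

    @Override
    public String format(LoggingEvent event) {
        String formatted = delegate.format(event);   // step 1: normal formatting
        for (Map.Entry<Pattern, String> rule : rules.entrySet()) {
            formatted = rule.getKey().matcher(formatted).replaceAll(rule.getValue());
        }
        return formatted;                            // step 2: masked result
    }

    @Override
    public boolean ignoresThrowable() {
        return delegate.ignoresThrowable();
    }

    @Override
    public void activateOptions() {
        delegate.activateOptions();
    }

    public static void main(String[] args) {
        Logger log = Logger.getLogger("example.payment");
        // Constructed sample message containing a card verification value.
        LoggingEvent e = new LoggingEvent(Logger.class.getName(), log, Level.DEBUG,
                "<PaymentMethod CVV2=\"123\" CreditCardType=\"VISA\"/>", null);
        System.out.print(new MaskingLayoutExample().format(e));
    }
}
```

Because masking runs on the fully formatted string, every rule is evaluated against every log line, which is the source of the performance cost noted below.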

Note:
  • Filtering applies only to messages logged using the log framework that is provided, which includes both YFCLogCategory and LogService. Messages logged through other methods, such as direct System.out calls or other log frameworks, are not affected.
  • If filtering is enabled, logging is slower because one or more regular expressions are executed against every log message. The impact may be larger when VERBOSE mode is enabled for logging.