config : log sensitive
 
log sensitive
Use this command to configure whether the FortiWeb appliance will obscure sensitive information, such as user names and passwords, in log messages for which packet payloads are enabled. Each packet payload has predefined sensitivity rules based on the payload data type. If needed, you can also create custom sensitivity rules to obscure other payload data types using “config log custom-sensitive-rule”.
This command is relevant only if you have enabled the FortiWeb appliance to keep packet payloads along with their associated log messages. For details, see “config log attack-log” and “config log traffic-log”.
To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For more information, see “Permissions”.
Syntax
config log sensitive
set type {custom-rule | pre-defined-rule}
end
Variable
Description
Default
type {custom-rule | pre-defined-rule}
Select whether the FortiWeb appliance will obscure packet payloads according to predefined data types and/or custom data types.
See “config log custom-sensitive-rule”.
No default.
Example
This example enables the FortiWeb appliance to use a custom sensitive rule to obscure packet payload information that displays information about users that are age 13 and under.
config log sensitive
set type custom-rule
end
config log custom-sensitive-rule
edit custom-sensitive-rule1
set type general-mask-rule
set expression "age\\=[1-13]*$"
next
end
Related topics
config log custom-sensitive-rule
config log attack-log
config log traffic-log