log4j2 converstion to Ecslayout and masking

Currently log masking for sensitive fields is working fine using log4j2, now I want to change the log format to ecs. so I made the changes in log4j2.xml and EcsLayout tag as below:

<Configuration xmlns="http://logging.apache.org/log4j/2.0/config" status="OFF" packages="com.usbank.digitalservices.common.log.mask"> <Properties> <Property name="base.log.dir">./logs</Property> <Property name="appenderPatternLayout">%d{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'} %-5p %-15c{1} [%X]: %spi%n</Property> <Property name="maxLogFileSize">10 MB</Property> <Property name="maxLogFiles">2</Property> </Properties> <Appenders> <Console name="CONSOLELOG" target="SYSTEM_OUT" follow="true"> <!-- <PatternLayout pattern="${appenderPatternLayout}"/> --> **<EcsLayout stackTraceAsArray="true" serviceName="my-api"/>** </Console> 

Now log is converted to json correctly but the masking is not working i mean appenderPatternLayout /spi not working.

any suggestion for how to mask if EcsLayout, what could be parameters for appenderPatternLayout?

1 Answer

The %spi pattern you are using is clearly provided by a private Log4j2 plugin from com.usbank.digitalservices.common.log.mask.

The EcsLayout can not take advantage of pattern converters, but the generic JSON Template Layout can. You just need to copy the embedded EcsLayout.json template and replace the definition of "message" with:

"message": { "$resolver": "pattern", "pattern": "%spi", "stackTraceEnabled": false } 

ncG1vNJzZmirpJawrLvVnqmfpJ%2Bse6S7zGiorp2jqbawutJobm5paGmFcYWOpaagbJpneqS7za%2Bcq6uknryvedOoZJ6bo6GuurvUrWSappRiuqK%2FyqKloA%3D%3D