Fortinet black logo

CLI Reference

log sensitive

log sensitive

Use this command to configure whether the FortiWeb appliance will obscure sensitive information, such as user names and passwords, in log messages for which packet payloads are enabled. Each packet payload has predefined sensitivity rules based on the payload data type. If needed, you can also create custom sensitivity rules to obscure other payload data types using log custom-sensitive-rule.

This command is relevant only if you have enabled the FortiWeb appliance to keep packet payloads along with their associated log messages. For details, see log attack-log and log traffic-log.

To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For details, see Permissions.

Syntax

config log sensitive

set type {custom-rule | pre-defined-rule}

end

Variable Description Default

type {custom-rule | pre-defined-rule}

Select whether the FortiWeb appliance will obscure packet payloads according to predefined data types and/or custom data types.

For details, see log custom-sensitive-rule.

No default.

Example

This example enables the FortiWeb appliance to use a custom sensitive rule to obscure packet payload information that displays information about users that are age 13 and under.

config log sensitive

set type custom-rule

end

config log custom-sensitive-rule

edit "custom-sensitive-rule1"

set type general-mask-rule

set expression "age\\=[1-13]*$"

next

end

Related topics

log sensitive

Use this command to configure whether the FortiWeb appliance will obscure sensitive information, such as user names and passwords, in log messages for which packet payloads are enabled. Each packet payload has predefined sensitivity rules based on the payload data type. If needed, you can also create custom sensitivity rules to obscure other payload data types using log custom-sensitive-rule.

This command is relevant only if you have enabled the FortiWeb appliance to keep packet payloads along with their associated log messages. For details, see log attack-log and log traffic-log.

To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For details, see Permissions.

Syntax

config log sensitive

set type {custom-rule | pre-defined-rule}

end

Variable Description Default

type {custom-rule | pre-defined-rule}

Select whether the FortiWeb appliance will obscure packet payloads according to predefined data types and/or custom data types.

For details, see log custom-sensitive-rule.

No default.

Example

This example enables the FortiWeb appliance to use a custom sensitive rule to obscure packet payload information that displays information about users that are age 13 and under.

config log sensitive

set type custom-rule

end

config log custom-sensitive-rule

edit "custom-sensitive-rule1"

set type general-mask-rule

set expression "age\\=[1-13]*$"

next

end

Related topics