Commonly Used Log Scrubbing Rules

This page lists examples of commonly used log processing rules.
Lines containing the string sensitive-info are not sent to Datadog.
- type: exclude_at_match
  name: exclude_sensitive_info
  pattern: (?:sensitive\-info)
When the string “my_key=” is found, letters, numbers, spaces, and underscores following the string are redacted with my_key=[VALUE REDACTED].
- type: mask_sequences
  name: redact_key_match_letters_numbers_spaces_unders
  replace_placeholder: "my_key=[VALUE REDACTED]"
  pattern: (?:my_key=[A-Za-z0-9\s_]*[A-Za-z0-9][A-Za-z0-9\s_])
When the string “my_key=” is found, all characters following the string until the next period are redacted with my_key=[VALUE REDACTED].
- type: mask_sequences
  name: redact_key_match_to_period
  replace_placeholder: "my_key=[VALUE REDACTED]"
  pattern: (?:my_key=[^.]*)
Redact United States Social Security numbers.
- type: mask_sequences
  name: social_security_number_basic
  pattern: (?:\d{3}-?\d{2}-?\d{4})
  replace_placeholder: "[SSN REDACTED]"
Redact email addresses using the RFC 5322 regex specification.
- type: mask_sequences
  name: RFC_5322_email
  pattern: (?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
  replace_placeholder: "[EMAIL REDACTED]"
Redact credit card numbers for Visa, Mastercard, American Express, Diners Club, Discover Card, and JCB.
- type: mask_sequences
  name: visa_mc_amex_diners_discover_jcb_credit_card
  replace_placeholder: "[CREDIT CARD REDACTED]"
  pattern: (?:4[0-9]{12}(?:[0-9]{3})?|[25][1-7][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})
The rule above can interfere with connecting logs and traces, because trace IDs can match the same format. If you connect logs and traces and want to use this regular expression, consider the following example instead:
- type: mask_sequences
  name: visa_mc_amex_diners_discover_jcb_credit_card
  replace_placeholder: "[CREDIT CARD REDACTED]"
  pattern: \b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})\b
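The difference between the two credit card rules can be checked offline before deploying either one. The following Go harness is an added example, not Datadog's code: it applies both patterns to constructed log lines and shows that the unanchored rule corrupts a trace ID, while the `\b` version leaves it intact but also misses a card number glued to an underscore. It assumes the patterns are evaluated with Go's regexp syntax; the `rule` struct, `mask` and `scrub` functions, and the sample lines are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// rule holds the fields of one log processing rule from this page (hypothetical struct).
type rule struct {
	Type, Placeholder string
	Pattern           *regexp.Regexp
}

// Patterns copied verbatim from the two credit card rules above.
const (
	unanchoredCard = `(?:4[0-9]{12}(?:[0-9]{3})?|[25][1-7][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})`
	boundedCard    = `\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})\b`
)

// mask builds a mask_sequences rule with the page's credit card placeholder.
func mask(pattern string) rule {
	return rule{"mask_sequences", "[CREDIT CARD REDACTED]", regexp.MustCompile(pattern)}
}

// scrub applies rules in order; keep is false when exclude_at_match drops the line.
func scrub(rules []rule, line string) (out string, keep bool) {
	for _, r := range rules {
		switch {
		case r.Type == "exclude_at_match" && r.Pattern.MatchString(line):
			return "", false
		case r.Type == "mask_sequences":
			line = r.Pattern.ReplaceAllLiteralString(line, r.Placeholder)
		}
	}
	return line, true
}

// Constructed sample lines: a made-up 19-digit trace ID, a test card number
// as its own token, and the same number glued to an underscore.
var samples = []string{
	`dd.trace_id=9041234567890123456 msg="checkout ok"`,
	`payment card=4111111111111111 accepted`,
	`order_4111111111111111 stored`,
}

func main() {
	for _, p := range []string{unanchoredCard, boundedCard} {
		for _, s := range samples {
			out, _ := scrub([]rule{mask(p)}, s)
			fmt.Println(out)
		}
	}
}
```

Because `_` counts as a word character, `\b` does not match between `order_` and the digits, so field formats that join identifiers and numbers with underscores need their own rule or a different delimiter.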
Redact postal codes (US).
- type: mask_sequences
  name: postal_codes
  replace_placeholder: "[POSTAL CODE REDACTED]"
  pattern: (?:\d{5}-\d{4}|\d{5}|[A-Z]\d[A-Z] \d[A-Z]\d)
Redact characters after the string ExampleConfig( until the closing parenthesis.
- type: mask_sequences
  name: Example_config_redaction
  replace_placeholder: "ExampleConfig([REDACTED, REDACTED]"
  pattern: (?:ExampleConfig\([^\)]+)
Redact characters after the string “on Example [” until the closing bracket.
- type: mask_sequences
  name: on_Example_redaction
  replace_placeholder: "on Example [Example REDACTED]"
  pattern: (?:on Example\s?[^\s]+)
Redact Class A IP addresses, range 1.0.0.1 to 126.255.255.254.
- type: mask_sequences
  name: simple_ip_address
  replace_placeholder: "[IP REDACTED]"
  pattern: (?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)