Tags: header, wso2, log4j, wso2-api-manager

WSO2 APIM - Remove Authorization header from API LOG


I want to remove the Authorization header that appears in the api.log file:

[2022-02-08 15:00:57,703]  INFO {API_LOG} pizzashack - {"headers":["accept=application/json",...,"Connection=keep-alive","Host=localhost:8243","authorization=Bearer yJraWQiOiJnYXRld2F5X3g...","Origin=https://localhost:9443"..

I want to delete the token inside the Authorization header; how can I do it? I have tried adding this to log4j2.properties:

 logger.API_LOGGER.property.apim.message = %replace{%msg}{authorization:[^,]*}{"Authorization: Bearer ***"}{}

But it gives me an error when restarting APIM.


Solution

  • You should be able to do this using log masking[1].

    A sample config is shown below.

    1. Add the masking regex below for JWTs in deployment.toml (please note this is a sample only; you may have to refine it to capture only JWTs).
    [masking_pattern.properties]
    "JWT" = ' \\b([a-zA-Z0-9_=]+)\\.([a-zA-Z0-9_=]+)\\.([a-zA-Z0-9_\\-\\+\\/=]*)\\"'
    
    2. Enable log masking for API_LOGGER by updating the log pattern as below.
    appender.API_LOGFILE.layout.pattern = [%d] %5p {%c} %X{apiName} - %mm%ex%n
    

    [1]. https://apim.docs.wso2.com/en/4.1.0/administer/logging-and-monitoring/logging/masking-sensitive-information-in-logs/
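To check what a masking regex actually catches before restarting the gateway, the pattern can be tried against a log line offline. The script below is an added example, not code from the question, the answer or WSO2: it applies the answer's JWT pattern (written as a plain Python regex, i.e. with the TOML double backslashes collapsed) and a header-name based pattern to a constructed line modelled on the api.log entry in the question. The token in the sample is a made-up three-part base64url string, not a real JWT, and `mask_jwt`, `mask_authorization_header` and `original_question_pattern_matches` are names chosen here. It also shows why the regex from the question (`authorization:[^,]*`) finds nothing on this line: the headers are logged as `name=value`, not `name: value`.

```python
import re

# Constructed sample line modelled on the api.log entry quoted in the question.
# The bearer token is a fabricated placeholder with the header.payload.signature shape of a JWT.
SAMPLE_LINE = (
    '[2022-02-08 15:00:57,703]  INFO {API_LOG} pizzashack - {"headers":['
    '"accept=application/json","Connection=keep-alive","Host=localhost:8243",'
    '"authorization=Bearer eyJraWQiOiJnYXRld2F5X3g.eyJzdWIiOiJhZG1pbiJ9.c2lnbmF0dXJl",'
    '"Origin=https://localhost:9443"]}'
)

# The answer's deployment.toml JWT pattern, as the regex engine sees it once the
# TOML escaping is removed. It keys on the token shape (three dot-separated parts)
# and on the closing double quote of the JSON string, so the match includes that quote.
JWT_PATTERN = re.compile(r'\b([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_\-\+\/=]*)"')

# Alternative keyed on the header name rather than the token shape. Because the log
# writes headers as name=value, the name is followed by "=" and the value runs up to
# the closing quote of the JSON string.
HEADER_PATTERN = re.compile(r'authorization=Bearer [^"]*')

# The regex the question tried inside %replace{...}; kept verbatim for comparison.
QUESTION_PATTERN = re.compile(r'authorization:[^,]*')

MASK = "*****"


def mask_jwt(line: str) -> str:
    """Replace anything shaped like a JWT with a mask, re-adding the quote the pattern consumed."""
    return JWT_PATTERN.sub(MASK + '"', line)


def mask_authorization_header(line: str) -> str:
    """Replace only the bearer token value of the authorization header."""
    return HEADER_PATTERN.sub("authorization=Bearer " + MASK, line)


def original_question_pattern_matches(line: str) -> bool:
    """True if the question's 'authorization:[^,]*' regex would match this line."""
    return QUESTION_PATTERN.search(line) is not None


if __name__ == "__main__":
    print(mask_jwt(SAMPLE_LINE))
    print(mask_authorization_header(SAMPLE_LINE))
    print("question regex matches:", original_question_pattern_matches(SAMPLE_LINE))
```

The shape-based pattern is the one WSO2's log masking applies to every line, so it also masks JWTs that show up outside the Authorization header (for example in a custom header or a logged payload), while the header-name pattern masks only that one header. Either regex could also be used as the second argument of log4j2's `%replace{%msg}{regex}{substitution}` conversion pattern, which takes exactly those three arguments.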