4.2.5 Masking Sensitive Data

Configure Oracle Trace File Analyzer to mask sensitive data in log files.

Masking sensitive data is an optional feature that you can configure Oracle Trace File Analyzer to mask sensitive data in log files. Oracle Trace File Analyzer masks information such as host names or IP addresses and replaces sensitive data consistently throughout all files. Replacing consistently means that the information is still relevant and useful for the purposes of diagnosis without sharing any sensitive data.

To configure masking:

1. Create a file called mask_strings.xml in the directory tfa_home/resources.
2. Define a mask_strings element then within that a mask_string element, with original and replacement for each string you wish to replace:
   For example:

   <mask_strings>
        <mask_string>
             <original>WidgetNode1</original>
             <replacement>Node1</replacement>
        </mask_string>
        <mask_string>
             <original>192.168.5.1</original>
             <replacement>Node1-IP</replacement>
        </mask_string>
        <mask_string>
             <original>WidgetNode2</original>
             <replacement>Node2</replacement>
        </mask_string>
        <mask_string>
             <original>192.168.5.2</original>
             <replacement>Node2-IP</replacement>
        </mask_string>
   </mask_strings>

   Oracle Trace File Analyzer automatically locates the mask_strings.xml files and starts replacing the sensitive data in the diagnostics it collects.