Logging

By default, all logging is secured as each core includes a number of sensitive fields included in communication which will be masked.

All logged communications information is also scanned for numbers which could possibly be full card numbers and are masked by default.

Trace level logging which is not enabled by default should not compromise security of the application.

The default logger should be configured for info only (debug information should not be generated in production environment)

This is configured in the log4j2.xml file:

<Loggers>
    <Root level="info">