How to filter sensitive data from captured events in AIMS


AIMS provides much-needed centralization for monitoring the health of your integration environments, along with proactive monitoring and notification capabilities.

One important monitoring aspect is capturing the event logs from your environment, as part of centralizing otherwise scattered tools into one place.

However, this comes with a caveat: what if sensitive information is captured in these event log entries? I know event logs should not be used for logging sensitive data(!), but believe me, some customers I worked with still use event logs for logging such data from their applications.

The solution is quite simple and is actually documented on the AIMS support site: just add a regular expression (regex) to the Windows Server AIMS agent configuration file, located at C:\ProgramData\AIMS Innovation\Windows Server Agent\default.conf. This is not to be confused with the location of the Windows service executable in Program Files.

You will first need to distinguish these critical event log entries by finding a certain pattern, for example a unique error code or a prefix, and then use regex to match this pattern, so that matching event log entries are filtered out at the source. You can use any online regex tool to assist you with the right syntax if you are like me and need to brush up on your regex basics.

In the example below, notice that you can add multiple rules inside the <IgnoreRules> tag, or you can use regex to group the different expected words in one entry.

The outcome of the example below is that the event log entries filtered out are those that include any of the following words: SSODB, WCF-Custom, 0xC0C01627, or BizTalkRuleEngineDb.

 

After saving the configuration file, you will need to restart the Windows Server Agent for the ignore rules to take effect. From then on, event log entries matching the ignore rules won’t reach the AIMS platform.
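Before relying on an ignore rule, it helps to dry-run the regex against sample messages to confirm that it drops every sensitive entry without suppressing events you still want monitored. The Python check below is an added example, not part of the AIMS agent or its documentation: the rule string, sample messages and function names are constructed, and it assumes each rule is applied as an unanchored, case-sensitive search over the event message.

```python
import re

# Constructed rule: the four markers named in the article, grouped in one regex.
IGNORE_RULES = [r"SSODB|WCF-Custom|0xC0C01627|BizTalkRuleEngineDb"]

# Constructed sample messages (not real event log data).
SENSITIVE = [
    "SSODB: could not contact the SSO server 'SQL01'.",
    "The adapter \"WCF-Custom\" raised an error message.",
    "Error code 0xC0C01627 while retrieving credentials.",
    "Login failed for database BizTalkRuleEngineDb.",
]
BENIGN = [
    "The service entered the running state.",
    "Host instance BizTalkServerApplication started.",
]


def dry_run(rules, events):
    """Split events into (dropped, forwarded); each item is (event, matching rule)."""
    compiled = [re.compile(rule) for rule in rules]
    dropped, forwarded = [], []
    for event in events:
        # Assumption: first matching rule wins, unanchored search.
        hit = next((c.pattern for c in compiled if c.search(event)), None)
        (dropped if hit is not None else forwarded).append((event, hit))
    return dropped, forwarded


def audit(rules, sensitive, benign):
    """Leaks: sensitive events still forwarded. Blind spots: benign events suppressed."""
    _, still_sent = dry_run(rules, sensitive)
    suppressed, _ = dry_run(rules, benign)
    return {
        "leaks": [event for event, _ in still_sent],
        "blind_spots": suppressed,
    }


if __name__ == "__main__":
    # Compare the grouped rule with a deliberately over-broad one.
    for name, rules in (("grouped", IGNORE_RULES), ("too broad", ["BizTalk"])):
        print(name, audit(rules, SENSITIVE, BENIGN))
```

A rule that is too narrow leaks sensitive entries to the back-end, while one that is too broad hides events from monitoring, so both lists should be empty before the rule goes into default.conf.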

 

Preventing event log entries containing sensitive data from being sent to the AIMS back-end is an excellent way to assure your customers that such log entries won’t leave their on-premises environment.

 

 