How to filter sensitive data from captured events in AIMS



February 14, 2022

AIMS provides much-needed centralization for monitoring the health of your integration environments, along with proactive monitoring and notification capabilities.

One important monitoring aspect is capturing the event logs from your environment, as part of centralizing otherwise scattered tools into one place.

However, this comes with a caveat: what if sensitive information is captured in these event log entries? I know event logs should not be used for logging sensitive data(!), but believe me, some customers I worked with still use event logs for logging such data from their applications.

The solution is quite simple, and is actually documented on the AIMS support site: add a regular expression (regex) to the Windows Server AIMS agent configuration file, located at C:\ProgramData\AIMS Innovation\Windows Server Agent\default.conf. This is not to be confused with the location of the Windows service executable in Program Files.

You will first need to distinguish these critical event log entries by finding a certain pattern, for example a unique error code or a prefix. Then use regex to match this pattern, so that matching event log entries are filtered out at the source. If you are like me and need to brush up on your regex basics, you can use any online regex tool to help you with the right syntax.

In the example below, notice that you can add multiple rules inside the <IgnoreRules> tag, or you can use regex to group the different expected words in one entry.

The outcome of the example is that event log entries containing any of the following words are filtered out: SSODB, WCF-Custom, 0xC0C01627, or BizTalkRuleEngineDb.

 

After saving the configuration file, you will need to restart the Windows Server Agent for the ignore rules to take effect. From then on, event log entries matching the ignore rules won't reach the AIMS platform.
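Before saving a rule and restarting the agent, it is worth dry-running the pattern to see which entries it would drop and which would still be sent. The PowerShell below is an added example, not AIMS code or part of the original post: the grouped pattern is built from the four words listed above, Test-IgnorePattern is a hypothetical helper, the sample messages are constructed, and it assumes the agent evaluates rules as .NET regular expressions against the event message text.

```powershell
# Added example: dry-run an ignore pattern before putting it in default.conf.
# Assumption: the agent treats each rule as a .NET regex applied to the event
# message text. Confirm the matching scope in the AIMS documentation.

# One grouped rule built from the four words listed in the post.
$IgnorePattern = 'SSODB|WCF-Custom|0xC0C01627|BizTalkRuleEngineDb'

function Test-IgnorePattern {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $Pattern,
        [Parameter(Mandatory)] [string[]] $Message
    )
    # Compile once; an invalid pattern throws here instead of failing silently.
    $regex = [regex]::new($Pattern)
    foreach ($m in $Message) {
        $match = $regex.Match($m)
        [pscustomobject]@{
            Filtered  = $match.Success
            MatchedOn = $(if ($match.Success) { $match.Value })
            Message   = $m
        }
    }
}

# Constructed sample messages (not real log data).
$samples = @(
    'Failed to connect to SSODB using account CONTOSO\svc-sso',
    'The adapter "WCF-Custom" raised an error: token=abc123',
    'Error 0xC0C01627 while reading secret from config store',
    'Login failed for BizTalkRuleEngineDb',
    'The adapter "wcf-custom" raised an error: token=def456',  # different casing
    'Host instance BizTalkServerApplication started'           # harmless entry
)

$results = Test-IgnorePattern -Pattern $IgnorePattern -Message $samples
$results | Format-Table -AutoSize -Wrap

# Entries that would still leave the server: review these for sensitive content.
# .NET regex is case-sensitive by default, so the 'wcf-custom' line shows up here.
$results | Where-Object { -not $_.Filtered } |
    ForEach-Object { "STILL SENT: $($_.Message)" }
```

To check real entries, pass the non-empty Message values from Get-WinEvent as -Message. A broad word such as WCF-Custom also drops every harmless entry that mentions it, so compare how many entries are filtered against how many you actually need to hide.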

 

Preventing event log entries that contain sensitive data from being sent to the AIMS back-end is an excellent way to assure your customers that such log entries won't leave their on-premises environment.

 

 

Author

Technical Architect at AIMS Partner Link Development and #aimsperformancepro. More than 10 years of hands-on experience with Microsoft Integration Stack.

Ahmed Taha
