Fortinet 554 FortiWeb 5.0 Patch 6 Administration Guide
5. Select either General Mask (a regular expression that will match any substring in the packet
payload) or Field Mask (a regular expression that will match only the value of a specific form
input).
In the field next to General Mask, type a regular expression that matches all the strings or
numbers that you want to obscure in the packet payloads.
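For example, to hide a parameter that contains the age of users under 14, you could
enter:
age\=(1[0-3]|[1-9])\b
A numeric range needs alternation, because a bracket expression matches only a single
character.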
Valid expressions must not start with an asterisk ( * ). The maximum length is 255
characters.
For Field Mask, in the left-hand field (Field Name), type a regular expression that matches
all and only the input names whose values you want to obscure. (The input name itself
will not be obscured. If you wish to do this, use General Mask instead.) Then, in the right-hand
field (Field Value), type a regular expression that matches all input values that you
want to obscure. Valid expressions must not start with an asterisk ( * ). The maximum
length is 255 characters.
For example, to hide a parameter that contains the age of users under 14, for Field Name,
you would enter age, and for Field Value, you could enter (1[0-3]|[1-9])\b.
6. Click OK.
The expression appears in the list of regular expressions that define sensitive data that will
be obscured in the logs.
When viewing new log messages, data types matching your expression are replaced with a
string of asterisks.
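An added example (not from the FortiWeb guide or Fortinet's code) that models the Field Mask from step 5 with three Field Value expressions: a greedy one, the lookahead form `.*?(?=\&)` that this page gives for stopping at the separator, and `[^&]+`. The `field_mask` function, the sample lines and the assumption that the value expression is applied to the text following `name=` are constructed for illustration; the example goes beyond the page by also covering a parameter that is last on the line, where the lookahead finds no `&` and the value stays unmasked.

```python
import re

MASK = "****"

def field_mask(line, name_re, value_re):
    """Simplified model of a Field Mask (assumption, not FortiWeb's code):
    for every `name=` whose name fully matches name_re, apply value_re to
    the text that follows and replace what it matches with asterisks."""
    value = re.compile(value_re)
    out, pos = [], 0
    for m in re.finditer(r"(?:^|(?<=&))([^=&]+)=", line):
        if m.start() < pos or not re.fullmatch(name_re, m.group(1)):
            continue
        v = value.match(line, m.end())
        if v is None or v.end() == m.end():
            continue  # nothing matched: the value stays readable in the log
        out.append(line[pos:m.end()] + MASK)
        pos = v.end()
    return "".join(out) + line[pos:]

# Constructed log payloads: the same parameters in two different orders.
LINE_MID = "username=alice&age=13&origurl=%2Flogin"
LINE_LAST = "age=13&origurl=%2Flogin&username=alice"

GREEDY = r".*"            # consumes the value and every parameter after it
LOOKAHEAD = r".*?(?=\&)"  # the page's expression: stop before the next '&'
TO_SEPARATOR = r"[^&]+"   # alternative: stop at '&' or at the end of the line

def results():
    """Mask `username` in both sample lines with each expression."""
    rows = {}
    for label, expr in (("greedy", GREEDY), ("lookahead", LOOKAHEAD),
                        ("to_separator", TO_SEPARATOR)):
        rows[label] = (field_mask(LINE_MID, "username", expr),
                       field_mask(LINE_LAST, "username", expr))
    return rows

if __name__ == "__main__":
    for label, (mid, last) in results().items():
        print(f"{label:13} {mid}\n{'':13} {last}")
```

Check candidate expressions against lines where the sensitive parameter appears first, in the middle and last before relying on them to keep values out of the logs.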
Field masks using asterisks are greedy: a match for the parameter’s value will obscure it, but
will also obscure the rest of the parameters in the line. To avoid this, enter an expression whose
match terminates with, but does not consume, the parameter separator.
For example, if parameters are separated with an ampersand ( & ), and you want to obscure the
value of the Field Name username but not any of the parameters that follow it, you could enter
the Field Value:
.*?(?=\&)
This would result in:
username****&age=13&origurl=%2Flogin
To test a regular expression, click the >> (test) button. This opens the Regular Expression
Validator window where you can fine-tune the expression (see “Regular expression syntax” on
page 673).
Configuring Syslog settings
In order to store log messages remotely on a Syslog server, you must first create the Syslog
connection settings.