İçeriğe Atla
Mustafa Erbay
Tutorials · 8 min read · görüntülenme Türkçe oku
100%

Sensitive-Data Masking Pipeline for Logs with Vector and VRL

A practical Vector and VRL based approach for cleaning sensitive fields out of a centralised log stream before they reach the destination.

#vector #logging #security #observability #automation
Sensitive-Data Masking Pipeline for Logs with Vector and VRL — cover image

A centralised log collection path provides visibility, but it can simultaneously become a data-leak surface. A masking layer placed between source and destination using Vector and VRL reduces that risk in a quick and measured way.

Technical schema that masks sensitive data inside the log stream using Vector and VRL
The real win in a log pipeline is cleaning sensitive data while it is still in flight, rather than after it has already been indexed.

Why mask at the pipeline layer?

Records that have already been indexed or shared with other teams are hard to clean up after the fact. Fixing the application side is the right move long-term, but in the short term placing a protective layer on the centralised pipeline meaningfully reduces risk.

Sample VRL transform

[transforms.mask_sensitive]
type = "remap"
inputs = ["app_logs"]
source = '''
if exists(.email) {
  .email = replace(string!(.email), r'(^.).*(@.*$)', "$1***$2")
}
if exists(.token) {
  .token = "masked-token"
}
'''

Conclusion

A sensitive-data masking pipeline for logs with Vector and VRL gives you a quick and effective protection layer on the central log path. The best log pipeline is not the one that gathers the most data, but the one that carries the right data through safely.

Paylaş:

Bu yazı faydalı oldu mu?

Yükleniyor...

Bu yazı nasıldı?

ME

Mustafa Erbay

Sistem Mimarisi · Network Uzmanı · Altyapı, Güvenlik ve Yazılım

2006'dan bu yana sistem mimarisi, network, sunucu altyapıları, büyük yapıların kurulumu, yazılım ve sistem güvenliği ekseninde çalışıyorum. Bu blogda sahada karşılığı olan teknik deneyimlerimi paylaşıyorum.

Kişisel Notlar

Bu notlar sadece sizde saklanır. Tarayıcınızda yerel olarak tutulur.

Hazır 0 karakter

Comments

Server-side AI Moderation

Comments are AI-moderated server-side and stored permanently.

?
0/2000

Server-side AI moderation

✉️ Free · No spam · Unsubscribe anytime

Curated digest, hand-picked by me — not the AI

Once a week: the most important post of the week, behind-the-scenes notes, and a "what I actually used this week" section. Less noise, more signal.

  • 📌
    Best of the week Single most-worth-reading post
  • 🔧
    Toolbox notes Real tools I used this week
  • 🧠
    Behind-the-scenes Notes that don't make it to blog

We don't spam. Unsubscribe anytime. · Tracked only by Umami (self-hosted, no Google).

Your Reading Stats

0

Posts Read

0m

Reading Time

0

Day Streak

-

Favorite Category

Related Posts

Tutorials

A Centralised Log Collection Pipeline with Vector

A practical Vector-based setup approach for collecting and routing application, syslog, and infrastructure logs through a single stream.

Tutorials

Centralized Logging with systemd-journal-remote: mTLS and Retention

A practical setup and runbook for shipping journald logs over mTLS to a central collector — without adding agents — while running a disciplined disk budget…

Tutorials

Centralized Logging with Windows Event Forwarding (WEF)

Subscriptions, health checks, and a triage runbook to centrally collect and validate security and operations signals in Windows domain environments using WEF.