Many customers use Sumo Logic to help with compliance requirements such as PCI. PCI requires that no un-hashed or un-encrypted credit card numbers be written to the server logs or web logs. In order to help meet these requirements, and detect when credit card numbers may be written to the logs, you can mask credit card numbers from their log files before sending them to Sumo Logic.

You can mask credit card numbers from log messages using a regular expression in a mask rules. Once masked with a known string, you can then perform a search for that string within your logs to detect if credit card numbers may be leaking into your log files.

The following regular expression can be used within a masking filter to mask American Express, Visa (16 digit only),  Master Card and Discover credit card numbers:

((?:(?:4\d{3})|(?:5[1-5]\d{2})|6(?:011|5[0-9]{2}))(?:-?|\040?)(?:\d{4}(?:-?|\040?)){3}|(?:3[4,7]\d{2})(?:-?|\040?)\d{6}(?:-?|\040?)\d{5})


This regular expression covers instances where the number includes dashes, spaces, or is a solid string of numbers.

Samples include:

  • American Express: 3711-078176-01234  |  371107817601234  |  3711 078176 01234
  • Visa: 4123-5123-6123-7123  |  4123512361237123  |  4123 5123 6123 7123
  • Master Card: 5123-4123-6123-7123  |  5123412361237123  |  5123 4123 6123 7123
  • Discover: 6011-0009-9013-9424  |  6500000000000002  |  6011 0009 9013 9424