Many customers use Sumo Logic to help with compliance requirements such as PCI. PCI requires that no un-hashed or un-encrypted Social Security Numbers (SSN) or other cardholder data be written to the server logs or web logs. In order to help meet these requirements, and detect when SSN may be written to the logs, many customers choose to mask SSN from their log files before sending them to Sumo Logic.

Sumo Logic allows for masking SSN from log messages using a regular expression within a mask rule. Once masked with a known string, you can then perform a search for that string within your logs to detect if SSN may be leaking into your log files.

The following regular expression can be used within a masking filter to mask SSN before your log data is sent to Sumo Logic.

((?!219-09-9999|078-05-1120)(?!666|000|9\d{2})\d{3}-(?!00)\d{2}-(?!0{4})\d{4})
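
A local check of the expression above, added here as an example (it is not Sumo Logic's code and does not reproduce collector behaviour): it applies the regex with Python's re module to constructed log lines, using an assumed mask string SSN_MASKED, then searches for that string. The last sample line shows that, because the expression has no boundary anchors, it also matches inside a longer digit run.

```python
import re

# Regex copied from the page; compiled here with Python's re module.
SSN_RE = re.compile(
    r"((?!219-09-9999|078-05-1120)(?!666|000|9\d{2})\d{3}-(?!00)\d{2}-(?!0{4})\d{4})"
)
MASK = "SSN_MASKED"  # assumed mask string, chosen for this example


def mask_line(line):
    """Replace every SSN-shaped match with the known mask string."""
    return SSN_RE.sub(MASK, line)


def leaking_lines(lines):
    """Mask each line, then return the indexes of lines that contain the mask."""
    return [i for i, line in enumerate(lines) if MASK in mask_line(line)]


# Constructed sample log lines (not real data).
SAMPLE = [
    "user=alice ssn=123-45-6789 action=update",  # valid shape: masked
    "user=bob ssn=078-05-1120 action=update",    # excluded by first lookahead
    "user=carol ssn=666-12-3456 action=update",  # excluded: starts with 666
    "user=dave ssn=900-12-3456 action=update",   # excluded: starts with 9
    "user=erin ssn=123-00-6789 action=update",   # excluded: middle group 00
    "user=frank ssn=123-45-0000 action=update",  # excluded: last group 0000
    "order_ref=1123-45-67890 action=ship",       # no anchors: partial match
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(mask_line(line))
    print("lines containing the mask string:", leaking_lines(SAMPLE))
```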

Sample Filter Configuration