Enable Hashing and Redaction of Log Fields
The OPLP supports hashing or redaction of certain sensitive fields from the log file to give you enhanced privacy and control over your log data. The parser computes a hash for specified values and inserts that into the JSON object sent to the Netskope cloud.
The hash function is irreversible and the original key value cannot be recovered by anyone with access to the Netskope cloud. However, the hash function is repeatable on the OPLP to match certain key values to the hash, for forensics purposes.
Configure hashing or redaction with these commands:
set log-upload perfieldaction fields <field-name>
set log-upload perfieldaction action [remove|hash]
remove: empties the specified fields from extracted events
hash: replaces the field values with a SHA256 hash.
To hash the username field, enter the following commands:
set log-upload perfieldaction fields user
set log-upload perfieldaction action hash
To hash both the source IP and user fields, specify them as comma-separated field values:
set log-upload perfieldaction fields user,srcip
set log-upload perfieldaction action hash
Note
We recommend hashing only the user field. Hashing the srcip field is supported, but it prevents the source location from being identified, and the user analytics map will not show the accurate location of the users.
To verify the hash value, enter this command from the Netskope shell:
log-upload gethash key <value>
This runs the hash function on the key value to obtain the hash value and helps correlate specific key values against the entries in the Netskope cloud.
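The behaviour described on this page, modelled as an added Python example (not Netskope code): it applies the remove or hash action to constructed events, then repeats the hash on a known value to find the matching entries, which is the correlation that gethash supports. Plain unsalted SHA-256 over the UTF-8 string, the function names and the sample events are assumptions; the page does not state how the OPLP encodes or salts values, so digests computed here may differ from the output of log-upload gethash.

```python
import hashlib


def hash_value(value: str) -> str:
    """SHA-256 hex digest of the value (assumed: UTF-8 input, no salt or key)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def apply_field_action(event: dict, fields: str, action: str) -> dict:
    """Model of perfieldaction: 'fields' is the comma-separated list, 'action' is remove or hash."""
    if action not in ("remove", "hash"):
        raise ValueError("action must be 'remove' or 'hash'")
    out = dict(event)  # leave the parsed event untouched
    for name in (f.strip() for f in fields.split(",")):
        if not name or name not in out:
            continue  # a configured field that is absent from this event is skipped
        # remove empties the field; hash replaces its value with the digest
        out[name] = "" if action == "remove" else hash_value(str(out[name]))
    return out


def find_events_for(value: str, events: list, field: str) -> list:
    """Forensic correlation: hash a known value and match it against hashed events."""
    digest = hash_value(value)
    return [e for e in events if e.get(field) == digest]


# Constructed sample events; field names follow the page (user, srcip).
RAW_EVENTS = [
    {"user": "alice@example.com", "srcip": "10.0.0.5", "url": "https://example.org/a"},
    {"user": "bob@example.com", "srcip": "10.0.0.9", "url": "https://example.org/b"},
    {"user": "alice@example.com", "srcip": "10.0.0.5", "url": "https://example.org/c"},
]


def demo():
    """Hash only the user field (the recommended setting), then correlate one user."""
    uploaded = [apply_field_action(e, "user", "hash") for e in RAW_EVENTS]
    return uploaded, find_events_for("alice@example.com", uploaded, "user")


if __name__ == "__main__":
    uploaded, hits = demo()
    for e in uploaded:
        print(e)
    print("events for alice:", [e["url"] for e in hits])
```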