With our log management solution, you have direct control over what data is reported to New Relic. To ensure data privacy, and to limit the types of information New Relic receives, no customer data is captured except what you supply in API calls or log forwarder configuration. All data for the logs service is then reported to New Relic over HTTPS.
This document describes additional security considerations for your logging data. For more information about New Relic's security measures:
- See our security and privacy documentation.
- Visit the New Relic security website.
- Read this blog post that explains how you can use our log management tools to gain visibility into some of the most severe threats to modern digital businesses.
Automatic obfuscation
The log management service automatically masks number patterns that appear to be for items such as credit cards or Social Security numbers. All integers, including spaces and hyphens that may be used as delimiters, are replaced with a string of Xes.
Numbers that appear to be a credit card (thirteen to sixteen digits) are obfuscated as XXXXXXXXXXXXXXXX. For example:
- Numbers with hyphens, such as
4111-1111-1111-1111 - Numbers with spaces, such as
4111 1111 1111 1111 - Numbers with thirteen (Visa), fourteen (Diner's Club), fifteen (American Express, JCB), or sixteen digits (Visa, Mastercard, Discover, JCB), such as
4111111111111111
Nine-digit numbers with hyphens that appear to be Social Security numbers, such as 123-45-6789, are obfuscated as XXXXXXXXX. Nine-digit numbers with spaces, such as 123 45 6789, or hyphens in a different pattern, such as 12-345-67-89, are not automatically obfuscated.
If you need to opt out of automatic obfuscation, get support at support.newrelic.com.
Customize your security settings
The data you send to New Relic, including any additional filtering, is controlled by the configuration of the log forwarder you use. You control what customer data is logged, so be sure to follow your organization's security guidelines to mask, obfuscate, or prevent sending any sensitive data.
We provide options for you to obfuscate parts of your customer data when it arrives at New Relic. This makes it easier and safer for you, rather than needing to track down sensitive data in all of your applications and try to fix them at the source.
For more information, see our documentation to manage obfuscation expressions and rules. You can hash or mask your log data by using the New Relic UI or by using NerdGraph, our GraphQL API.