Mask Passwords with Logback?

Question

We currently generically log all XML documents coming in and going out of our system, and some of them contain passwords in the clear. We would like to be able to configure the

Answer 1

I believe Masking is an aspect of your business, not the aspect of any technology or logging system. There are situations where the passwords, national identities etc should be masked while storing them in the DB as well due to legal reasons. You should be able to mask the xml before giving it to the logger.

One way to do it is to run the XML through XSLT that does that making and then give it to logger for logging.

If you doesn't want to do this then LogBack has Filters support that is one of the option (not the right one though).

But understand that any generic out of the box solution you are trying to find at the logging infrastructure level is going to be suboptimal as every log message is going to be checked for masking.