Add or edit log enhancers

Log enhancers are instrumentation instructions that allow the Contrast agent to log additional parameters and data in the application, without requiring any source code changes.

By using these deep security instrumentation techniques, a user can specify the API and parameter to log, and the Contrast agent adds this information to the security.log file as part of RASP logging.

Note

Starting in August 2021, new organizations include an optimized set of log enhancers. This configuration is designed to provide the highest value to users, including enhanced performance.

To add, edit or delete a log enhancer:

  1. Under policy management, select Log enhancers.

  2. Filter by language, or use the search to find the existing log enhancer you want to edit and select the name, or select Add log enhancer. Use the toggles in the grid row to enable or disable the rule in each environment.

    UUID-410ff185-add3-1d6e-31d4-2006ba5fa2b3.png
  3. In the window that appears, enter a Name and Description.

    UUID-e5f9faa4-0f5f-d9a4-5ad2-b5fcf6a9f3fe.png
  4. Enter a Log level and Log type.

  5. Under API to log, enter:

    • Language

    • API: Use the structure <class_name>.<method_name>(<argument_types>). For example:

      public boolean com.acme.Authenticator.authenticate(String user, String password)
    • Format: Enter the log description, including relevant data from the function call. You can include any of the following placeholders in your message:

      • {{O}}: Print the string representation of the object on which this call is made. If the method is static, this may be null or empty.

      • {{Pn}}: Print the given parameter at index n. Note that n starts at 1.

      • {{P1}}: Print the first parameter into the message.

      • {{R}}: Print the return value of the function.

  6. Select Add to save the rule.