Short:
I’m looking for a way to filter out sensitive information (GDPR) from the logs before offloading them to a third party.
Long:
We are working with a lot of development teams on several tenants. We don’t want every developer to have access to the tenant(s). We do want them to be able to see the logs that are generated.
Our company works with Datadog for offloading all application logs, so we would like to do that from the Auth0 tenants as well. There are two ways that both work:
Using the Datadog log stream plugin
Using AWS Eventbridge in combination with the Datadog logforwarder Lambda function.
In both cases I’m able to get the logs into Datadog, but the streams both send information 1-to-1 to the third party application.
I would like to know if there is a way to configure the log payload before it leaves the Auth0 environment so we don’t send information that is deemed personal information.
Can it be done via Datadog or Eventbridge? It seems better to me to have the forwarder do it, as the full information may be important. You don’t want to remove it at the source, but rather at the next step. Then you’d have a full log for debugging, but the GDPR filtered version at the third party. I’m not sure that would satisfy GDPR though…
The ideal solution (from a GDPR perspective) would be to do it before it leaves the Auth0 environment. Even using the AWS log forwarder would mean that we are sending it to a third party (AWS).
If we are able to configure the payload in Auth0 we would never lose any data, because the full set would always be available via the log tool on the manage environment.
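Forwarder-side redaction of the kind discussed in this thread, as an added example (not part of the thread, and not Auth0's or Datadog's code): a scrub step for an Auth0 log event as delivered through EventBridge, run before the record is handed to the Datadog forwarder. The field names, the record layout under `detail`, and the sample record are assumptions to check against your own tenant's events; the pseudonymisation secret would normally come from a secrets store.

```python
import hmac
import hashlib

# Keys holding personal data in an Auth0 log event. user_id, user_name, ip and user_agent are
# Auth0 log fields; "email" covers request bodies under "details". Assumption: verify per tenant.
REDACT_KEYS = {"user_name", "ip", "user_agent", "email"}
PSEUDONYMISE_KEYS = {"user_id"}  # keep a stable token so events stay correlatable

def pseudonym(value, secret):
    """Keyed hash: same user -> same token, but not reversible without the secret."""
    return hmac.new(secret.encode(), str(value).encode(), hashlib.sha256).hexdigest()[:16]

def scrub(node, secret):
    """Walk the event recursively so nested objects (e.g. details.request) are covered."""
    if isinstance(node, dict):
        out = {}
        for key, val in node.items():
            if key in REDACT_KEYS:
                out[key] = "[REDACTED]"
            elif key in PSEUDONYMISE_KEYS:
                out[key] = pseudonym(val, secret)
            else:
                out[key] = scrub(val, secret)
        return out
    if isinstance(node, list):
        return [scrub(item, secret) for item in node]
    return node

def scrub_eventbridge_record(record, secret):
    """Return a copy of the EventBridge record with the Auth0 payload under 'detail' scrubbed.
    Assumption: the Auth0 log event sits in record['detail']; the input is never mutated."""
    return {**record, "detail": scrub(record.get("detail", {}), secret)}

# Constructed sample record, not a real tenant's event.
SAMPLE_RECORD = {
    "detail-type": "Auth0 log",
    "detail": {
        "data": {
            "type": "s",
            "client_name": "Example App",
            "user_id": "auth0|abc123",
            "user_name": "jane.doe@example.com",
            "ip": "203.0.113.7",
            "user_agent": "Mozilla/5.0",
            "details": {"request": {"ip": "203.0.113.7", "body": {"email": "jane.doe@example.com"}}},
        }
    },
}
```

As the reply above notes, this changes only what the third party receives; the unredacted event has already reached EventBridge, and the full copy remains in the tenant's own log tool.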