Preventing PII From Appearing in Splunk or Riva Activity Logs

  • Updated

By default, Personally identifiable information (PII) may appear in Splunk logs and Riva logs.

In Riva 2.4.54 or higher, the sync policy can be configured to prevent PII from appearing in Splunk or Riva activity logs. There are two ways to achieve that goal.

  • Convert the PII to a hash and output the hash to the Splunk or Riva activity logs.
    Example:
    Matched SystemUser: 7b2d22c6b3e55617cb55d81a0295c5dd09b4d3d2ae49279acebf3d3d03ea1f3a
    Note: Riva system logs are unaffected. They may contain PII.
    To configure Riva to output a hash instead of PII, see Hashing the PII.

    or
     
  • Replace the PII in the Splunk and Riva activity logs with this placeholder:
    {Message cleared by PII requirements}
    Note: Riva system logs are unaffected. They may contain PII.
    To configure Riva to output a placeholder instead of PII, see Replacing the PII with a placeholder.

Hashing the PII

To hash the PII and log the hash in Splunk or Riva activity logs:

  • The hashing technology used is SHA-256
  1. Configure the following advanced options for the sync policy:
    • Sync.Crm.ActivityLogPrivacyCheck.Enabled = true
    • Sync.Crm.ActivityLogPrivacyCheck.ConnectionStringName = activityPII
       
  2. In the Riva\Omni.Riva.CrmAgentEx.exe.config file, inside the <connectionStrings> tag, in the activityPII connection string, ensure that UseFormattedMessage is set to True.

  3. Save the policy.

    Result: From now on, the PII will be hashed and only the hash will be logged in Splunk or Riva activity logs.

Replacing the PII with a Placeholder

To replace the PII with a placeholder in Splunk or Riva activity logs:

  1. Configure the following advanced options for the sync policy:
    • Sync.Crm.ActivityLogPrivacyCheck.Enabled = true
    • Sync.Crm.ActivityLogPrivacyCheck.ConnectionStringName = activityPII
       
  2. In the Riva\Omni.Riva.CrmAgentEx.exe.config file, inside the <connectionStrings> tag, in the activityPII connection string, ensure that UseFormattedMessage is set to False.

  3. Save the policy.

    Result: From now on, the PII will be replaced with "{Message cleared by PII requirements}" in the Splunk or Riva activity logs.

Was this article helpful?

/

Comments

0 comments

Article is closed for comments.