
Why it Matters

Personally Identifiable Information (PII) like names, emails, phone numbers, addresses, and payment data must not appear in plaintext logs. If logs contain PII, attackers or unauthorized staff could read sensitive data directly from log files. This creates privacy, compliance, and security risks.

Sanitizing logs means replacing PII with safe tokens or redacted values before writing to disk. Logs should contain enough context to debug issues but never expose private customer details.

Verification Steps

Log inspection

# Review var/log/system.log and var/log/exception.log
grep -Ei "(customer|email|password|card|address)" var/log/*.log

# Expected: no raw email addresses, passwords, or card numbers

Custom modules

# Inspect module code for direct logging of user input
grep -R "logger->" app/code/*

Remediation / Fix Guidance

  1. Audit Magento core and custom modules for logging practices.
  2. Sanitize values before logging:
    // Instead of logging raw email
    $logger->info("User email: " . $email);
    
    // Log sanitized data
    $logger->info("User email: [REDACTED]");
  3. Mask sensitive fields (passwords, tokens, card numbers) automatically in logging functions.
  4. Implement centralized logging (ELK, Splunk) with filters to detect and block sensitive fields.
  5. Perform regular scans of logs to ensure no PII is leaking.
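One way to run the regular scan from step 5, as an added example (not Magento code and not part of the original baseline). Unlike a plain keyword grep, it ignores values that are already masked, so `password=[REDACTED]` is not reported. The regex patterns, the `[REDACTED]` token, and the function names `scan_pii`, `scan_files` and `sample_log` are assumptions to adapt to your log format.

```bash
#!/usr/bin/env bash
# Added example, not Magento code: flag log lines that still carry unmasked PII.
# The patterns and the [REDACTED] token are assumptions; tune them to your logs.

# Raw email address.
EMAIL_RE='[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
# Secret-bearing key that still has a value attached.
SECRET_RE='(password|passwd|token|secret)[=:][[:space:]]*[^[:space:]]'
# Coarse card check: 13-19 digits, optional space/dash grouping (long IDs can match).
CARD_RE='(^|[^0-9])([0-9][ -]?){12,18}[0-9]([^0-9]|$)'

# Read a log on stdin and print "lineno:text" for each offending line.
# Returns 0 when the log is clean, 1 when anything was flagged.
scan_pii() {
    local hits
    # Neutralise already-masked values so "password=[REDACTED]" is not flagged.
    hits=$(sed -E 's/[=:][[:space:]]*\[REDACTED\]/ <masked>/g' |
           grep -Ein -e "$EMAIL_RE" -e "$SECRET_RE" -e "$CARD_RE") || true
    if [ -z "$hits" ]; then return 0; fi
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample lines, modelled on the fail and pass examples on this page.
sample_log() {
    cat <<'EOF'
[2025-01-25 12:00:01] DEBUG: Login failed for john.doe@example.com with password=SuperSecret123
[2025-01-25 12:00:01] DEBUG: Login failed for user_id=12345 with password=[REDACTED]
[2025-01-25 12:00:02] INFO: User email: [REDACTED]
[2025-01-25 12:00:03] INFO: Payment declined for card 4111 1111 1111 1111
EOF
}

# Scan each named file and prefix findings with the file name.
scan_files() {
    local f out l status=0
    for f in "$@"; do
        if ! out=$(scan_pii < "$f"); then
            status=1
            printf '%s\n' "$out" | while IFS= read -r l; do
                printf '%s:%s\n' "$f" "$l"
            done
        fi
    done
    return "$status"
}
# Usage: ./scan_pii.sh var/log/*.log   (no arguments: definitions only)
if [ "$#" -gt 0 ]; then scan_files "$@"; fi
```

The non-zero exit status on findings lets a cron job or CI step fail when PII reaches the logs; try `sample_log | scan_pii` to see which of the constructed lines are reported.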

Examples

Fail Example

[2025-01-25 12:00:01] DEBUG: Login failed for john.doe@example.com with password=SuperSecret123
# Email and password written in log → FAIL

Pass Example

[2025-01-25 12:00:01] DEBUG: Login failed for user_id=12345 with password=[REDACTED]
# Sensitive values masked → PASS
