000036458 - How to mask RSA SecurID token serial numbers in RSA Authentication Manager logs

Document created by RSA Customer Support Employee on Jun 28, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036458
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
IssueThe article explains how RSA Authentication Manager can be configured to include only part of the token serial number in log data that is sent to applications outside of the Authentication Manager instance.


  1. Log on to the Security Console.on the RSA Authentication Manager primary instance.
  2. Click Setup > System Settings > Basic Settings > Logging.
  3. Under Select Instance, choose the primary instance and click Next.
  4. In Configure Settings, under Log Data Masking, in the field for Number of digits of the token serial number , enter the number of digits

User-added image

  1. Click Save.
RSA Authentication Manager can be configured to include zero to twelve digits of the token serial number.  The default value is 12, which includes the entire token serial number.The setting is global and applies to all instances in a particular deployment
NotesEnabling this setting, masks the token serial numbers when data from RSA Authentication Manager 8.x is sent over the network using the following methods
  • Local and Remote Syslogs,
  • Syslog to Unix,
  • Syslog to Windows,
  • SNMP to an external file store, and 
  • Network Monitoring system (NMS).