Mask Token Serial Numbers in Logs

You can configure RSA Authentication Manager to include only part of the token serial number in log data that is sent to applications outside of the Authentication Manager instance. For example, you might do this when logging data to syslog, a local file, or a Network Management Server using Simple Network Management Protocol (SNMP).

You can configure Authentication Manager to include zero to twelve digits of the token serial number. The default value is twelve, which includes the entire token serial number.


  1. On the primary instance, log on to the Security Console.

  2. Click Setup > System Settings > Basic Settings > Logging.

  3. Under Select Instance, choose the primary instance and click Next.

  4. In Configure Settings, under Log Data Masking, in the Number of digits of the token serial number to display box, enter the number of digits.

  5. Click Save.

    The setting applies to all instances in your deployment.

Related Concepts

Log Messages

Related References

Log Configuration Parameters

Related Tasks

Configure Logging