Suppress Personal Information From Access Logs

You can configure the Web Security Service to suppress some or all user identification information from the Access Logs on the devices in the Web Security Service data centers. Currently, the service allows you to suppress the following data types from the logs:
  • User and Group Names and Device Information
  • User and Group Names, Device Information, Client IP Addresses, Geolocations
  • All Data (Do not log any information)
To suppress these data types from the access logs, the portal provides two control types:
  • Default: Applies to all traffic.
  • Granular: Suppresses any of the preceding data types for specific users, groups, and locations. Granular controls override the default settings.

Use Cases

  • You want to suppress the user names of guests who access your WiFi network while they wait in the lobby. The Default setting is Log all traffic normally (no suppression) and the Granular setting is Do not log user/group name and client IP for the (example name) location.
  • You need to suppress some user and group names from the employee-generated logs. Additionally, you want to prevent the recording of all PII data for the Executive Staff. The Default setting is Do not log user/group name and the Granular setting is Do not log any data for the Executive Staff group list (an Object Library group list created for this example).
  • You might have a set of employees that require identity suppression because of their geolocation or particular job duties. You can suppress user identities based on the access method locations that you have added to the service.
    Geolocation can only be suppressed when your portal account has the Advanced Web Security with Risk Controls and Web Applications add-on license. If the license is not present, Geolocation is not collected. See About Geolocation Policies.
  • In the case of multiple privacy level matches, the service applies the strictest level. For example, a user belongs to two groups: the policy for one group is Log all traffic normally and the policy for the other group is Do not log any data. The user identity information is not logged, and thus it is not visible in reporting.
If your portal is deployed in Universal Policy Enforcement (UPE) mode, refer to the Suppress Information in UPE Deployments section located after the procedure.


  1. Verify and/or complete the following prerequisites:
    • Verify that your Web Security Service account connects to your Active Directory through the Auth Connector or integrates with your SAML implementation to provide the user and group names. Navigate to Identity > Users & Groups.
    • If necessary, and to allow for more efficient policy, use Policy > Object Library to create custom user, group, and location lists.
  2. Navigate to Account Configuration > Data Retention and Privacy.
  3. Expand the End User Privacy section.
  4. Select the Default Privacy Setting.
    (Screenshot: End User Privacy -- Default Setting)
    The default value is Log all traffic normally, which means no log data is suppressed from the logs. From the For all traffic drop-down list, select a suppression option that applies to all users whose traffic routes through the service.
  5. If necessary, apply more Granular Log Controls. Click the option to add granular controls. The service displays the Add Granular Privacy Controls dialog.
    (Screenshot: Privacy Controls -- Granular)
    1. Select a suppression option that applies to the specific users, groups, or locations.
    2. Select the Available Items (users, groups, and locations; Shift+click to select multiple objects).
    3. Move the selected items into the control.
    4. Save the control.
  6. The portal places each object in its correct table.
    (Screenshot: Privacy Controls -- Example objects)
    If you Change the Privacy Level for any object, the service moves the object to the correct policy table/column. If the same object already exists in that policy, the service merges the objects; name duplication does not occur.

Suppress Information in UPE Deployments

If your portal is deployed in UPE mode, the Log All Traffic Normally option is enabled by default. To suppress personal information, add the following proxy CPL code to the policy that Management Center pushes up to the service:

    <proxy>
        log.rewrite.cs-userdn("Suppressed") log.rewrite.cs-user("Suppressed") log.rewrite.cs-auth-groups("Suppressed") log.rewrite.cs-auth-group("Suppressed") log.rewrite.c-ip("")

Each log.rewrite construct replaces the value of one access-log field (cs-userdn, cs-user, cs-auth-groups, cs-auth-group, c-ip) with the given string before the record is written. You can remove specific constructs as necessary. For example, remove the log.rewrite.c-ip("") construct if you do not want the Client IP Address to be suppressed. Keep the constructs together on a single rule line: within a CPL layer the first matching rule wins, so unconditional properties split onto separate lines would not all be applied.
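The portal's Default and Granular controls are not available in UPE mode, so the equivalent of the Use Cases above has to be expressed in CPL. The following layer is an added example written for this page, not code from the original documentation or from Symantec; the group name "Executive Staff" and the lobby subnet 192.168.50.0/24 are constructed placeholders, and the example assumes user and group identity is already available to the policy (through the Auth Connector or SAML). The portal applies the strictest matching level automatically; in CPL, the first matching rule in a layer wins, so the strictest rules are listed first.

```cpl
; Added example, not from the original page. Group name and subnet are
; constructed placeholders; replace them with your own Object Library names.
; Within a layer the first matching rule wins: list the strictest rule first.
<proxy>
    ; Executive Staff: suppress every identity field and the client IP
    ; (the closest UPE equivalent of the portal's "Do not log any data").
    group="Executive Staff" log.rewrite.cs-userdn("Suppressed") log.rewrite.cs-user("Suppressed") log.rewrite.cs-auth-groups("Suppressed") log.rewrite.cs-auth-group("Suppressed") log.rewrite.c-ip("")

    ; Guest WiFi in the lobby (constructed subnet): suppress user/group name
    ; and client IP, matching "Do not log user/group name and client IP".
    client.address=192.168.50.0/24 log.rewrite.cs-userdn("Suppressed") log.rewrite.cs-user("Suppressed") log.rewrite.cs-auth-groups("Suppressed") log.rewrite.cs-auth-group("Suppressed") log.rewrite.c-ip("")

    ; Everyone else (the default level): suppress user and group names only;
    ; the client IP is still logged because log.rewrite.c-ip("") is omitted.
    log.rewrite.cs-userdn("Suppressed") log.rewrite.cs-user("Suppressed") log.rewrite.cs-auth-groups("Suppressed") log.rewrite.cs-auth-group("Suppressed")
```

The last, unconditional rule plays the role of the portal's Default setting, and the conditional rules above it play the role of Granular controls. To reproduce "Log all traffic normally" as the default, simply delete the last rule; to stop suppressing a field for one population, remove that field's log.rewrite construct from the corresponding rule only.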
Technical Support might continue to update best practices in the following KB article:


After you know that some relevant traffic has passed, generate the Reports > Report Center > Full Log Details report and confirm that the suppressed fields no longer appear for the affected users, groups, and locations.
(Screenshot: Suppressed Data)