Within the routing of a request I remove unneeded authentication cookies. They contain sensitive information in terms of identification tokens. So I use the "Manage Cookie" Assertion to delete some cookies. Works fine.
But within the CA API GW logs I see the cookie transformation (update or delete), with the whole values of cookies logged in clear. I would like to not log these values by default. How could this be done ?
I read How to completely disable all logging for a policy? and tried the assertion "Audit Message in Policy" in order to raise the log level to warning as opposed to info. It seamed nice also in terms of granularity : I could change for a given policy the logging level as opposed to do an API GW level change. No success : sensitive info still logged. I suppose this assertion changes the *audit* level but not the *log* level.