Has the Azure VPN Gateway P2SDiagnosticLog changed? Username and source ip are now being redacted

Question

We have been doing some connection analysis using the Azure VPN Gateway P2SDiagnosticLog.

Our more recent log files have started to have the username and source IP address redacted. Specifically the first 3 characters of username are replaced by *** and the first octet of the source IP address is replaced with 0.

Is this a configuration issue on our diagnostic logging/gateway or has something been changed and not been updated in the relevant documentation?

I have checked our current diagnostic settings and everything looks normal and has not been changed.

Looking at the documentation at https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics#P2SDiagnosticLog there is an un-redacted username in the screenshot.

Recent example messages from our log are below (suitably anonymised).

"[MSG] [default] [IKEv2_9fa61441-05f3-4c6e-ffff-ac3926bbc60c] Connect request received. IP=0.65.79.46:4500 ICookie=0x51F8F32247064CFE Auth=EAP"

"[MSG] [default] [IKEv2_9fa61441-05f3-4c6e-ffff-ac3926bbc60c] EAP authentication succeeded. Username=***r.name@domain.com EapType=26"

Answer 1

@Richard Last

Thank you for your patience here. I got a response back from the team.

As mentioned by Barry above, yes this is a recent change. This change in logging behavior was due to Microsoft privacy requirements that require proper handling of PII (Personally Identifiable Information). To fulfill these requirements the product group obfuscated PII in logs. The product team will be updating the screenshot accordingly.

Hope this helps! Please let me know if you have any additional questions. Thank you!

---

​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.