Implement log masking using Apache Rewrite Policy in prlog4j2.xml
I am attempting to obfuscate certain fields when they are logged as part of the REST request/response mapping data transforms. I have to do this at the log4j level in order to prevent logging of confidential data if the relevant logger's logging level setting is turned on from the System --> Operations --> Logs menu. For example, if the logging level setting of the com.pega.pegarules.integration.engine.internal.ServiceMappingUtils logger is changed to ALL then the request/response objects will always get logged, bypassing any obfuscation at the code level.
After doing some research, I have decided to use the Apache Rewrite Policy in order to achieve this using the technique outlined below -
https://dzone.com/articles/how-to-mask-sensitive-data
As such, I have created a Java class as described and included my obfuscation logic in it. I compiled this Java class and created a JAR from the compiled class, after which I imported the JAR into Pega (version 7.3) and it is available in the PR_ENGINECLASSES database table. I then added the package name in the Configuration node of the prlog4j2.xml file and also created a new logger which references the rewrite Appender, as shown below -
<Logger name="com.pega.pegarules.integration.engine.internal.ServiceMappingUtils" additivity="false" level="debug">
    <AppenderRef ref="rewrite" />
</Logger>
After restarting the application and on testing, I can see that the REST request/response objects are being logged to the newly created log file but the obfuscation does not happen. I have tried debugging by adding log entries in the Java class but it appears like the Java class is not even getting run.
Has anyone got any ideas on why this does not work or if I'm missing anything here?
***Edited by Moderator Marije to add Capability tags***
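For reference, a minimal Log4j 2 rewrite policy of the kind the post describes. This is an added example, not the poster's class or Pega code. The package `com.example.logmask`, the plugin name `MaskingRewritePolicy`, the appender name `MASKEDFILE` and the JSON field names are all assumptions.

```java
package com.example.logmask; // assumed package; it must be listed in Configuration packages="..."

import java.util.regex.Pattern;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.appender.rewrite.RewritePolicy;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.config.plugins.PluginFactory;
import org.apache.logging.log4j.core.impl.Log4jLogEvent;
import org.apache.logging.log4j.message.SimpleMessage;

/*
 * Assumed wiring in the Log4j 2 configuration (appender names are placeholders):
 *   <Rewrite name="rewrite">
 *     <MaskingRewritePolicy/>
 *     <AppenderRef ref="MASKEDFILE"/>
 *   </Rewrite>
 * The policy is applied only to events routed through the Rewrite appender,
 * and only when it is declared as a child element of that appender.
 */
@Plugin(name = "MaskingRewritePolicy", category = "Core",
        elementType = "rewritePolicy", printObject = true)
public final class MaskingRewritePolicy implements RewritePolicy {

    // Constructed field names; replace with the confidential JSON keys in your payloads.
    private static final Pattern SENSITIVE = Pattern.compile(
            "(\"(?:password|ssn|accountNumber)\"\\s*:\\s*\")[^\"]*(\")",
            Pattern.CASE_INSENSITIVE);

    @PluginFactory
    public static MaskingRewritePolicy createPolicy() {
        return new MaskingRewritePolicy();
    }

    @Override
    public LogEvent rewrite(LogEvent source) {
        if (source.getMessage() == null) return source;
        String text = source.getMessage().getFormattedMessage();
        if (text == null) return source;
        String masked = SENSITIVE.matcher(text).replaceAll("$1****$2");
        if (masked.equals(text)) return source; // nothing sensitive, pass through unchanged
        // Copy level, logger name, thread and throwable; swap only the message.
        return new Log4jLogEvent.Builder(source)
                .setMessage(new SimpleMessage(masked))
                .build();
    }
}
```

Setting `status="debug"` on the `Configuration` element makes Log4j 2 print its plugin and appender construction at startup, which shows whether the policy class was found and attached to the Rewrite appender.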