Log governance — stop it at the source

Cerbi enforces logging policy inside your application, before any log event reaches a pipeline, storage platform, or observability vendor.

CerbiStream is a runtime SDK that governs log events before they reach any downstream sink. CerbiShield is the tenant-hosted control plane for rules, visibility, and audit.

One-line setup
No pipeline migration
No downstream replacement

See How It Works Start Free Trial

65.4K+NuGet downloads

29Packages

14 daysFree trial →

Microsoft Partner

Azure Marketplace

Harvard i-Lab

01.How Cerbi fits

Everything downstream stays the same.

Cerbi outputs a normal log.

It just determines what should be logged.

Where Cerbi runs

ApplicationLog emitted

CerbiGoverned at source

LoggerNormal log output

Existing ToolsUnchanged

No changes to your pipeline, ingestion, or dashboards.

Your existing logger, pipeline, and observability tools continue to work as they do today. Cerbi adds control at the source, before the log leaves the application.

Compatible with

SerilogNLogMELSplunkDatadogAzure MonitorOpenTelemetrySeqElastic.NET 8.NET 9

By the numbers

Governance that ships with your application.

Source-side governance

Every log event evaluated before it leaves the application

Pipeline changes required

Cerbi runs in-process. No new infra, no new agents, no migration

0 line

To add governance

Drop CerbiStream into your existing logger and start enforcing policy

Frameworks supported

Microsoft.Extensions.Logging, Serilog, and NLog — all natively

02.The Cerbi model

CerbiStream

Runtime SDK

NuGet package — no agents, no infra
Runs inside your application process
Validates and governs logs before emission
Works with Serilog, MEL, and NLog
Zero network calls on the hot path

Install-Package CerbiStream

CerbiShield

Governance Control Plane

Tenant-hosted dashboard — your infrastructure
Rule management, violations, and audit trail
Governance scoring and reporting
Async — never on the hot path
Available on Azure Marketplace

Azure Marketplace

Enforcement inline.Scoring and oversight out of band.

Ifyou'rerelyingoningestmasking,you'realreadytoolate.

Cerbi — governance at the source

[INFO] 2024-03-14 09:12:04.331 CerbiStream.Router — field:userId value:redacted

[WARN] 2024-03-14 09:12:04.887 CerbiStream.Policy — schema violation: missing required field "correlationId"

[INFO] 2024-03-14 09:12:05.102 CerbiStream.Sink — event routed to: Splunk (filtered), DataDog (full)

[DEBUG] 2024-03-14 09:12:05.449 CerbiShield.Guard — sensitive field detected: "password" — blocked

[INFO] 2024-03-14 09:12:05.991 CerbiStream.Router — throughput: 4,212 events/sec

03.WHY

04. HOW —The pipeline is backwards

You can't fix bad logs after they've been ingested.

Today

AppLog emitted

LogsData written

StorageAlready stored

DetectionRisk found

CleanupToo late

Data is already stored.

Risk already exists.

Cost already incurred.

With Cerbi

AppLog emitted

CerbiGoverned at sourceSource control

StorageOnly clean data

DashboardsConsistent + trustworthy

Interactive Demo

See Cerbi in the Log Path

Pick a scenario, configure governance rules, and watch what gets sanitized, blocked, and routed asynchronously — before a single byte reaches your observability platform.

Mode

Rule Set

Redact sensitive fieldsRequire correlationIdBlock forbidden fieldsEmit violation events

Input Log Event

Sensitive Data Leak

{
  "timestamp": "2025-04-12T14:32:11.042Z",
  "level": "Information",
  "message": "Payment processed",
  "correlationId": "ord-8821-xk",
  "userId": "u_4492",
  "ssn": "382-91-0047",
  "cardNumber": "4111-1111-1111-1111",
  "cvv": "392",
  "amount": 149.99,
  "service": "payment-api",
}

Runtime Flow

Application Boundary

Logger

.NET App

Cerbi

Governance

hot path

Sanitized Log

Downstream

Splunk / Datadog

Azure Monitor

Downstream Sanitized Log

// Run example to see output

Governance Result

// Governance score, violations, and async routing appear here

This demo runs entirely in-browser. No log data is transmitted. Behavior reflects Cerbi's in-process governance engine for .NET.

05.Risk & compliance

Sensitive data in logs creates exposure

PHI, PII, credentials, and tokens written to log sinks become a liability the moment they are ingested — regardless of who controls the destination.

Detection after ingestion is too late

Scrubbing sensitive data from Splunk or Datadog after the fact is operationally expensive and may not satisfy auditors. The log is already stored, indexed, and potentially replicated.

Cerbi prevents bad behavior before storage

Governance runs at emission time — before any network call, before any sink, before any pipeline. If a rule is violated, it is blocked or sanitized in-process.

Cerbi does not provide legal or compliance advice. Consult your compliance team for regulatory obligations specific to your industry.

[ Incident record ]Real-world breaches attributed to log exposure

Real incident patterns

Logs are one of the least governed data surfaces in modern systems.

Recurring patterns

Sensitive data logged as a debugging shortcut

No field-level schema or restrictions

No enforcement of allowed vs forbidden fields

Over-retention of sensitive operational data

Downstream masking relied on instead of prevention

Searchable analytics stores filled with high-risk fields

Internal support and telemetry systems treated as low-risk

Where Cerbi fits

Define what is allowed to be logged

Block sensitive fields before logs leave the app

Enforce governance at the source

Reduce risk in downstream systems

End of incident record

06. WILL —Adoption

Adopt in minutes.

CerbiStream drops into your existing logging setup. No migration. No new infrastructure on the hot path.

Full setup guide

Free trial

14 days · 5M governed events

No credit card required. Full platform access.

View trial details

Install from NuGetInstall-Package CerbiStream

Add one line to your logger.UseCerbi(cfg => cfg.LoadProfile("governance.json"))

Store governance profiles as codegovernance.json → committed, versioned, reviewed

Ship — nothing else changesNo agents · No pipeline rewrite · No sink replacement

Why teams adopt Cerbi

Prevent data leakage

Stop sensitive data at the source instead of masking later. PHI, PII, tokens, and credentials are blocked before they ever reach a downstream platform.

Improve audit readiness

Logs are compliant by default, not retroactively fixed. Every log event is governed at creation time, giving you a clean, defensible audit trail.

Reduce observability cost

Filter noise before ingestion. Blocking irrelevant events and redundant fields before they leave the application reduces Splunk and Datadog ingestion spend.

Standardize logging behavior

One policy across all services and teams. Required fields are enforced, schema violations are flagged, and logging behavior is consistent across every service.

Who this is for

Built for the teams who own what gets logged.

Cerbi is a fit when logging behavior needs to be a controlled, auditable property of the platform — not a per-team decision made at the call site.

Platform engineering

You own the internal developer platform or shared logging infrastructure. You need consistent policy enforcement across many services without mandating call-site rewrites or deploying new pipeline components.

Security and compliance

You are responsible for preventing PHI, PII, credentials, and sensitive fields from reaching observability platforms. You need evidence that governance is applied at emission, not retroactively cleaned downstream.

Architecture leadership

You are designing or auditing logging strategy across a distributed services estate. You want governance that is version-controlled, policy-driven, and compatible with your existing logging framework without lock-in.

Real scenarios

The same patterns appear in every organization.

Logging governance failures are not random. They follow recognizable patterns — and each one has a source-side solution.

Healthcare / HIPAA

Situation. A hospital platform logs every auth event, appointment lookup, and API call to Datadog for observability.

Problem. Patient names, MRNs, and diagnosis codes appear in debug fields because developers log full request payloads during development — and it ships to production.

Auth / Token Leakage

Situation. A fintech platform logs authentication events including full request context to help engineers debug token refresh failures.

Problem. Bearer tokens, session IDs, and refresh tokens are included in structured log payloads. Logs flow to Splunk, where they are retained for 90 days and queryable by any engineer.

Compliance / Audit Readiness

Situation. A financial services team faces a SOC 2 audit. Auditors request evidence that sensitive fields are not logged and that logging behavior is consistent across services.

Problem. Logging is implemented differently per team. Some services use structured logs, some use string interpolation. There is no policy document, no enforcement, and no audit trail of what governance exists.

Architecture / Masking Failure

Situation. A platform team implements downstream PII masking inside their Splunk pipeline, treating it as the primary data protection control.

Problem. The masking rule has a regex gap — it handles `email` but not `user_email` or `emailAddress`. The gap goes unnoticed for four months. All three variants reach long-term storage.

07.Voices

CustomerStaff EngineerHealthTech platform, Series B
We were logging auth tokens in error messages for two years before anyone noticed. Cerbi caught it in the first integration test.

FounderFounderCerbi
I built Cerbi because every team I worked with had the same problem — sensitive data in logs they didn't know about until it was too late. The fix had to happen at the source.

CustomerEngineering LeadFinTech SaaS, SOC 2 Type II
Our SOC 2 audit prep used to involve manual log sampling. Now we pull the governance report from CerbiShield and hand it to the auditors.

Scope

What Cerbi is not.

Clarity on scope is part of a credible product. Cerbi does one thing well: governs logging behavior at the source.

Not a SIEM

Cerbi does not collect, correlate, or alert on security events. It governs what is written to logs at the source. Your SIEM receives cleaner, more consistent data as a result.

Not a log storage platform

Cerbi has no log storage. Your existing destinations — Splunk, Datadog, Azure Monitor, Elastic, Seq — remain unchanged. Cerbi sits before them, not instead of them.

Not a replacement for your observability stack

Cerbi does not replace Datadog, New Relic, Grafana, or any observability vendor. It makes the data those platforms receive more accurate, consistent, and policy-compliant.

Not a log router or transport layer

Cerbi does not proxy or relay log traffic. There are no additional network hops on the hot path. CerbiStream is in-process; CerbiShield is async and out of band.

What it is

A .NET runtime SDK that governs log events before emission
A governance control plane for policy management and audit
A source-side filter that reduces ingestion noise and cost
A compliance tool that enforces schema at the point of creation

[ cerbi ] · Start now

Govern logging before it leaves your application.

One NuGet package. No pipeline changes. Policy-as-code governance that runs in-process before sensitive data ever reaches Splunk, Datadog, or Azure Monitor.

Start free trial Why Cerbi

14-day free trial/No credit card/Works with Serilog · NLog · MEL

Your observability stack assumes your logs are correct.They're not.