Sensitive data does not belong in your logs.
Cerbi runs inside your application and enforces logging policy before logs reach Splunk, Datadog, Azure Monitor, or any other destination. No log rewriting. No pipeline changes. One line of setup.
- Block PII, PHI, and credentials at the source
- Works with MEL, Serilog, and NLog
- No changes to existing log call sites
- Governance visibility and violation tracking
Live governance demo
See governance working in seconds.
Cerbi validates every log event against your governance policy before it leaves the process. Sensitive fields are redacted or blocked automatically — no pipeline changes required.
{
  "LoggingProfiles": {
    "production": {
      "RequiredFields": [
        "timestamp",
        "message",
        "correlationId"
      ],
      "DisallowedFields": [
        "password",
        "ssn",
        "creditCard",
        "apiKey"
      ],
      "MaskFields": [
        "email",
        "username"
      ]
    }
  }
}
What this rule does
RequiredFields
Every log event must include timestamp, message, and correlationId.
DisallowedFields
password, ssn, creditCard, and apiKey are blocked and logged as violations.
MaskFields
email and username are partially masked before the event is forwarded.
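The three rule types above applied to a single event, as an added example (C# 11, top-level statements) that is not Cerbi's code and calls none of its APIs. The mask format and the choice to drop a disallowed field while still forwarding the rest of the event are assumptions, since the page does not specify either; `Names`, `Mask` and `Govern` are hypothetical helpers.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

// Illustration only, not CerbiStream code. Profile copied from the page.
const string profileJson = """
{ "LoggingProfiles": { "production": {
    "RequiredFields":   ["timestamp", "message", "correlationId"],
    "DisallowedFields": ["password", "ssn", "creditCard", "apiKey"],
    "MaskFields":       ["email", "username"] } } }
""";
var profile = JsonDocument.Parse(profileJson).RootElement
    .GetProperty("LoggingProfiles").GetProperty("production");

HashSet<string> Names(string key) => profile.GetProperty(key).EnumerateArray()
    .Select(e => e.GetString() ?? "").ToHashSet(StringComparer.OrdinalIgnoreCase);

var (required, disallowed, masked) =
    (Names("RequiredFields"), Names("DisallowedFields"), Names("MaskFields"));

// Assumed mask format: keep the first two characters, star the rest.
static string Mask(string v) => v.Length <= 2 ? "**" : v[..2] + new string('*', v.Length - 2);

(Dictionary<string, string> Forwarded, List<string> Violations) Govern(
    Dictionary<string, string> evt)
{
    var forwarded = new Dictionary<string, string>();
    var violations = new List<string>();
    foreach (var (name, value) in evt)
    {
        // Assumption: a disallowed field is dropped and recorded; the event still goes out.
        if (disallowed.Contains(name)) { violations.Add($"DisallowedField:{name}"); continue; }
        forwarded[name] = masked.Contains(name) ? Mask(value) : value;
    }
    foreach (var field in required)
        if (!evt.Keys.Contains(field, StringComparer.OrdinalIgnoreCase))
            violations.Add($"MissingRequiredField:{field}");
    return (forwarded, violations);
}

// Constructed sample event: no correlationId, carries a password and an email.
var sample = new Dictionary<string, string>
{
    ["timestamp"] = "2026-03-16T10:00:00Z", ["message"] = "login failed",
    ["email"] = "jane@example.com", ["password"] = "hunter2",
};
var (clean, found) = Govern(sample);
Console.WriteLine(JsonSerializer.Serialize(clean));
Console.WriteLine(string.Join(", ", found));
```

Field-name matching here is case-insensitive so that `Password` and `password` are treated alike; whether Cerbi matches that way is not stated on the page.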
Add logging governance with one line.
Drop CerbiStream into any .NET application. Works with MEL, Serilog, and NLog. Governs logs before they reach Splunk, Datadog, Azure Monitor, or any other destination.
builder.Logging.AddCerbiStream();
Supported loggers
Works with your existing destinations
Governance runs at the provider level. Sensitive data is blocked or redacted before any log reaches a downstream platform.
Governance runs inside your application.
Cerbi sits between your application and your logger, enforcing rules on every log event before it leaves the process. Nothing is rewritten at the call site.
Without Cerbi
Logs flow directly from application to observability platform. Issues only surface after ingestion — after the damage is done.
Program.cs
builder.Logging.AddCerbiStream();
One call. No changes to existing log call sites. No pipeline migration.
Three components. One governance layer.
CerbiStream enforces governance in the application. CerbiShield manages it across the platform. CerbiScoring tracks it over time.
CerbiStream
Native .NET logger — deepest integration
The recommended starting point. CerbiStream enforces governance rules in-process — blocking sensitive fields, redacting values, tagging violations, and optionally encrypting payloads — before any log leaves the application.
CerbiShield
Governance dashboard and management
Central dashboard for managing governance rules, monitoring violations, and deploying policy updates across environments. Includes RBAC, audit history, and Microsoft Entra SSO for enterprise teams.
CerbiScoring
Governance health and compliance visibility
Tracks violations, rule relaxations, and governance posture over time across all services. Gives security and platform teams a quantified view of logging compliance without requiring manual audits.
Where logging governance matters most.
Concrete problems Cerbi helps solve — not a compliance checklist.
Keep patient data out of logs
Patient identifiers, diagnosis codes, and medication fields have no place in application logs. Cerbi blocks disallowed fields at the point of emission — before any log reaches an observability platform, SIEM, or aggregator.
Stop payment fields from appearing in exception logs
Card numbers, CVV values, and account identifiers commonly surface in stack traces and debug output. Governance rules block them across MEL, Serilog, and NLog without requiring developers to audit every log call site.
Enforce required fields and track schema violations
Platform teams can require fields such as correlationId, tenantId, and requestId on every log event. Violations are captured and reported — without blocking deploys or adding complexity to individual services.
Apply consistent governance across MEL, Serilog, and NLog
Engineering organizations that use different logging frameworks across service teams can apply a single governance rule set to all of them — consistent policy, no matter which logger each service uses.
Cerbi provides logging governance tools to support safer handling of sensitive data. These capabilities are not legal advice, certification, or a guarantee of compliance with any regulation.
Built for engineering organizations running production systems at scale.
Standardize telemetry across services and teams.
- Enforce consistent log schemas organization-wide
- Prevent ungoverned telemetry from reaching downstream systems
- Policy-driven controls that work with existing logging frameworks
Prevent sensitive data leakage and enforce logging policies.
- Block PII, PHI, and credentials before they leave the service
- Immutable audit trails for SOC 2, HIPAA, and GDPR requirements
- Policy changes tracked with full history and approval records
Reduce observability costs and improve operational consistency.
- Governance posture visible and measurable across teams
- Reduce log ingestion volume by filtering noise before the pipeline
- Integrate governance into CI without blocking developer velocity
As of: 2026-03-16
Illustrative examples based on observed deployments and internal testing.
Built for enterprise logging environments
Cerbi runs inside your infrastructure. Log payloads, sensitive fields, and governance metadata never leave your environment.
Deployment & Licensing Truth
CerbiShield and the governance control plane are deployed entirely in your tenant. Your log data never leaves your infrastructure.
Licensing is based on governed log events per month.
Usage is counted per billing month.
If you exceed your tier in a month, Cerbi continues operating for the rest of that month.
Starting the next billing month, Cerbi enforces your tier cap.
Once the cap is reached, additional events are not accepted until you upgrade.
Your applications keep running normally. Only Cerbi event intake is affected.
Works with existing observability stacks
Cerbi sits in front of Splunk, Datadog, Azure Monitor, Elastic, and OpenTelemetry pipelines. No replacement required.
Runs inside your infrastructure
Deployed entirely within your tenant. Log payloads and sensitive fields never leave your environment.
Real-time runtime validation
Every log event is evaluated against governance rules at emission time, before it enters any pipeline.
CI/CD governance enforcement
Governance rules are version-controlled and validated at build time, preventing policy drift between environments.
Structured JSON governance rules
Rules are human-readable JSON profiles — no DSL to learn, no vendor lock-in, version-controllable with your code.
Immutable Audit Logs
Append-only audit trails designed for WORM-capable storage, supporting SOC 2, HIPAA, GDPR, and ISO 27001 controls.
Your logs should not carry sensitive data.
Cerbi enforces logging policy inside your application — blocking PHI, PII, and credentials before they reach Splunk, Datadog, or any other observability platform.