Seeded demo — no install required

See how Cerbi governs logs before they leave your app

Keep your existing logger. Cerbi adds runtime policy, redaction, governance metadata, and dashboard visibility to structured logs.

This demo uses seeded events so you can see the expected CerbiShield outcome without installing anything.

Watch guided walkthrough Run interactive demo

Do I replace my logger?

No. Cerbi wraps your existing logger. You keep Serilog, NLog, MEL, Log4j2, Pino, Winston, or Zap.

What problem does it solve?

Sensitive fields in logs spread to dashboards, support tools, queues, and incidents. Cerbi blocks them at the source.

How does my team use it?

Add a NuGet or npm package, set a governance profile, and ship. Violations appear in the dashboard with suggested fixes.

SDK Setup

Keep your logger. Add governance.

Cerbi is a seatbelt for logging, not a replacement for the car. One NuGet package and a few lines of config.

CerbiStream (.NET)

// NuGet: dotnet add package CerbiStream

builder.Logging.AddCerbiGovernance(options =>
{
    options.ProfileName = "payments-api";
    options.EnforcementMode = EnforcementMode.Strict;
    options.AllowRelaxedMode = true;
    options.RequireCorrelationId = true;
    options.RedactField("cardNumber");
    options.RedactField("password");
});

Pino / Winston (Node.js)

import { cerbiGovernance } from "@cerbi/pino-governance"

const logger = pino().use(
  cerbiGovernance({
    profileName: "payments-api",
    enforcementMode: "strict",
    redactFields: ["cardNumber", "password"],
    requireFields: ["correlationId", "serviceName"],
  })
)

Supports: Serilog · NLog · Microsoft.Extensions.Logging · Log4j2 · Logback · Pino · Winston · Zap

Before and after

The same log call. Different outcome.

You write logs the same way. Cerbi applies policy before they leave the process.

Before Cerbi

logger.LogInformation("User payment processed {@Payment}", new
{
    UserId = userId,
    Amount = amount,
    CardNumber = cardNumber,
    CorrelationId = correlationId
});

cardNumber ships to every downstream sink — Application Insights, Datadog, Splunk, log files.

After Cerbi

builder.Logging.AddCerbiGovernance(options =>
{
    options.ProfileName = "payments-api";
    options.AllowRelaxedMode = true;
});

logger.LogInformation("User payment processed {@Payment}", payment);

The logger call is unchanged. Cerbi intercepts the event and applies the active governance profile.

Runtime outcome

StatusPolicy violation

ActionRedacted

FieldcardNumber

SeverityHigh

Profilepayments-api

OutcomeLog allowed — sensitive value removed

Log output

Redaction happens before the log leaves the app

The sensitive value is replaced at the source. It never reaches Application Insights, Datadog, Splunk, or ELK.

Before — raw log payload

{
  "message": "User payment processed",
  "userId": "u-123",
  "amount": 42.50,
  "cardNumber": "4111111111111111",
  "correlationId": "abc-123"
}

After Cerbi — governed output

{
  "message": "User payment processed",
  "userId": "u-123",
  "amount": 42.50,
  "cardNumber": "[REDACTED]",
  "correlationId": "abc-123",
  "cerbi.governanceProfile": "payments-api",
  "cerbi.action": "redacted",
  "cerbi.violationSeverity": "high"
}

This is the core value: the team keeps logging normally, but risky data is governed before it spreads.

Governance profile

Policy-as-config, not policy-as-review

Profiles can be versioned, rolled out gradually, and aligned to service, team, environment, or application.

payments-api governance profile

{
  "profileName": "payments-api",
  "requiredFields": [
    "correlationId",
    "serviceName",
    "environment"
  ],
  "disallowedFields": [
    "password",
    "token",
    "ssn",
    "cardNumber",
    "authorizationHeader"
  ],
  "allowRelaxedMode": true,
  "redactionMode": "source-side"
}

Required field

Fields every log must include. Missing them raises a violation.

Disallowed field

Fields that must never appear in logs. Cerbi redacts or blocks them at runtime.

Relaxed mode

Violations are tracked but the log is still allowed. Useful during rollout.

Source-side protection

Redaction happens in-process, before the event reaches any sink.

Dashboard outcome

A shared view of logging quality

Security, platform, and engineering teams see the same data. No manual log triage.

Accepted logs

12,847

Last 24h

Policy violations

Last 24h

Redacted fields

Last 24h

Relaxed logs

Last 24h

Affected services

order-api, payments-api, signup-api

Governance score

94 / 100

payments-api

Recent violations

14:42:34payments-apiHighDisallowed field:cardNumberRedacted

14:42:26order-apiMediumDisallowed field:correlationIdMissing

14:42:11signup-apiCriticalDisallowed field:passwordBlocked

Developer remediation

What the developer sees

Instead of a vague security ticket, Cerbi shows the field, rule, severity, service, profile, and suggested fix.

Policy violation — VIO-0041

Servicepayments-api

FieldcardNumber

SeverityHigh

Profilepayments-api v2.1

RuleDisallowed field: financial identifiers

ActionRedacted — log allowed

Suggested fixes

Remove the sensitive field from the log call entirely.

Rename or alias the field to a non-sensitive key.

Add the required correlationId field to every log event.

Move sensitive details to a secure system of record, not the log.

Update the governance profile if the policy definition is incorrect.

SDK coverage

Works with the logger you already use

Microsoft.Extensions.LoggingSerilogNLogLog4j2LogbackPinoWinstonZap

Get started

Logging governance without replacing your logging stack

Cerbi helps teams reduce risky logs, standardize structured logging, and give security, platform, and engineering teams a shared view of logging quality.

View guided chapters

This demo uses seeded log events and sample governance profiles. Actual governance outcomes depend on the profile configuration deployed in your environment.