If you are sending sensitive data through REST, instead of looking to mask the message that appears in the log, I recommend masking the data itself. Firstly, I do not believe Mendix provides a way to manipulate the logging response for default logs nodes before they get to the logs. Secondly, your data is still sensitive and unmasked when it is in flight.
I suggest you encrypt the sensitive data before you send it across in the REST call, then unencrypt it on the Mendix side once the response is received. There is the Encryption module as well as several Community Commons actions that will help you do just that.