Loading...

XML

Word

Printable

JSON

Type: New Feature
Resolution: Done
Priority: Major - P3
Fix Version/s: 3.3.10
Affects Version/s: None
Component/s: Logging, Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 7 08/10/15

Log redaction is a desired feature for PII data and as a complement to encryption at rest.

In its simplest form it could be implemented as a configuration option redactLogs orthogonal to the log level.

Preserve enough info in the redaction function so that CEs et al. can do useful analytics on the output. This includes for query shapes for instance. This could be achieved through hashing actual data in the queries.

Things that could/should be redacted:
1. query parameters (things other than field names and dollarsign operators).
2. hostnames/IP addresses
3. User names maybe?
4. Namespace names maybe?
5. Error messages in case error messages include any of the above.

duplicates

SERVER-12671 Provide option to allow "masking" of query variables within audit stream.

Backlog

SERVER-17377 Allow removing attribute values from slow query logs, log query shape only

Closed

related to

SERVER-18946 I wish I can configure separately the profiler and log file

Open

Assignee:: DO NOT USE - Backlog - Platform Team

Reporter:: Andreas Nilsson

Participants:: Andreas Nilsson, DO NOT USE - Backlog - Platform Team, Eric Milkie

Votes:: 0 Vote for this issue

Watchers:: 13 Start watching this issue

Created:: Apr 09 2015 04:14:29 PM UTC

Updated:: Feb 01 2018 08:35:50 PM UTC

Resolved:: Jul 11 2016 05:54:07 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates