[DOCS-6562] Ensure Encryption Docs mentions best practice for logs Created: 09/Nov/15  Updated: 26/Jul/17  Resolved: 19/Jul/17

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Osmar Olivo Assignee: Allison Reinheimer Moore
Resolution: Done Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 6 years, 30 weeks ago

 Description   

With our new encrypted storage engine, at least for the moment, the logs are not protected or redacted. Logs may contain sensitive data as part of their output. Therefore, in order to help with compliance, the log files should either have their loglevel and modules reduced so as not to print out any sensitive data (at the cost of harder diagnosibility of issues) or protect the logfiles using file protection or encryption.



 Comments   
Comment by Allison Reinheimer Moore [ 19/Jul/17 ]

MongoDB 3.4 added the reactClientLogData setting, and we added a paragraph about logging at that point. (https://docs.mongodb.com/manual/core/security-encryption-at-rest/#logging) So I believe this has been addressed.

Generated at Thu Feb 08 07:52:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.