[DOCS-6562] Ensure Encryption Docs mentions best practice for logs Created: 09/Nov/15 Updated: 26/Jul/17 Resolved: 19/Jul/17 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Osmar Olivo | Assignee: | Allison Reinheimer Moore |
| Resolution: | Done | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: | |
| Days since reply: | 6 years, 30 weeks ago |
| Description |
|
With our new encrypted storage engine, at least for the moment, the logs are not protected or redacted. Logs may contain sensitive data as part of their output. Therefore, in order to help with compliance, the log files should either have their loglevel and modules reduced so as not to print out any sensitive data (at the cost of harder diagnosibility of issues) or protect the logfiles using file protection or encryption. |
| Comments |
| Comment by Allison Reinheimer Moore [ 19/Jul/17 ] |
|
MongoDB 3.4 added the reactClientLogData setting, and we added a paragraph about logging at that point. (https://docs.mongodb.com/manual/core/security-encryption-at-rest/#logging) So I believe this has been addressed. |