Log Redaction¶

Percona Server for MongoDB can prevent writing sensitive data to the diagnostic log by redacting messages of events before they are logged. To enable log redaction, run mongod with the --redactClientLogData option.

Note

Metadata such as error or operation codes, line numbers, and source file names remain visible in the logs.

Log redaction is important for complying with security requirements, but it can make troubleshooting and diagnostics more difficult due to the lack of data related to the log event. For this reason, debug messages are not redacted even when log redaction is enabled. Keep this in mind when switching between log levels.

You can permanently enable log redaction by adding the following to the configuration file:

security:
  redactClientLogData: true

To enable log redaction at runtime, use the setParameter command as follows:

db.adminCommand(
  { setParameter: 1, redactClientLogData : true }
)

Download PDF Manual

Previous topic

Auditing

Next topic

Enabling Authentication

This Page

Percona Server for MongoDB Series

Contact Us

For free technical help, visit the Percona Community Forum.
To report bugs or submit feature requests, open a JIRA ticket.
For paid support and managed or professional services, contact Percona Sales.

Log Redaction

Log Redaction¶

Previous topic

Next topic

This Page

Percona Server for MongoDB Series

Contact Us

Services

Products

Resources

More

About

Contact Us