Skip to content

This documentation is for the end of life version of Percona Server for MongoDB and is no longer supported. You may want to see the current documentation.

Log RedactionΒΆ

Percona Server for MongoDB can prevent writing sensitive data to the diagnostic log by redacting messages of events before they are logged. To enable log redaction, run mongod with the --redactClientLogData option.

Note

Metadata such as error or operation codes, line numbers, and source file names remain visible in the logs.

Log redaction is important for comlying with security requirements, but it can make troubleshooting and diagnostics more difficult due to the lack of data related to the log event. For this reason, debug messages are not redacted even when log redaction is enabled. Keep this in mind when switching between log levels.

You can permanently enable log redaction by adding the following to the configuration file:

security:
  redactClientLogData: true

To enable log redaction at runtime, use the setParameter command as follows:

db.adminCommand(
  { setParameter: 1, redactClientLogData : true }
)