Logs are an important part of every platform. Logs are used for multiple purposes ranging from security, to monitoring, and diagnostics.
Many applications use the Couchbase Data Platform to store Personally Identifiable Information (PII). This sensitive data need special attention and careful handling. Specific policies may also be required in order to comply with data-related regulations like HIPAA, PCI, GDPR, etc. In addition, many organizations are protective of information about their internal assets such as hostnames.
What is log redaction?
In the publishing world, redaction refers to removing information from documents, and is a necessary step to ensure confidentiality of information before final publication.
Enabling Log Redaction
In Couchbase Server 5.5, log redaction settings can be changed via the UI (as shown in figure below) or the CLI. By default, log redaction level is ‘none’, which means logs are not redacted. ‘Partial’ redaction level means that only sensitive user data is redacted, leaving metadata and system data untouched. In the future, more levels will be added to allow redaction of more types of data.
|NOTE: When using partial redaction, users must be careful in naming Couchbase resource objects to not include sensitive data in object names. For example – Network elements like hostnames must also be carefully named, as the security best practice for Couchbase indicates.|
The settings page has a global setting for log collection as shown below –
Log redaction can also be modified just prior to starting log collection in the Collect Information page –
If auditing is enabled, any changes made to the global log redaction settings will be audited.
|Note: To be able to modify global log redaction settings, you must be a member of the full admin role. Log redaction is available only in the Enterprise Edition of Couchbase Server.|
How does log redaction work?
The Couchbase log redaction feature post processes system logs to redact information. When the services write log files, and potentially sensitive data is tagged. When log collection runs, sensitive data is identified using the tags, and is scrambled using a one-way hash function.
When collecting logs via the UI or CLI, Couchbase scrambles sensitive data using a random salt. The ‘cbcollect_info‘ tool can be used directly to specify a custom salt which will result in deterministic hashing. This may be useful for correlating values that might have been redacted away.
Log redaction and system troubleshooting
Log redaction is important for complying with security requirements, but it can also make troubleshooting more difficult due to the lack of human-readable data in the log. For this reason, Couchbase still leaves the non-redacted version of the logs on your local disk, and zips up the redacted version to be shipped across the network.
Head over to the Couchbase Downloads page and try out all the other new features in the Couchbase Server 5.5 release. Review the documentation for Couchbase log redaction cluster settings here. Let us know what you think, we want to hear from you.