Setting log file encryption
Set log file encryption.
About this task
The following commands can be used to set log file encryption.
Steps
-
Use
dsconfig
to enable encryption for a Log Publisher.Example:
In this example, the FilebasedAccess Log Publisher "Encrypted Access" is created, compression is set, and rotation and retention policies are set.
$ bin/dsconfig create-log-publisher-prop --publisher-name "Encrypted Access" \ --type file-based-access \ --set enabled:true \ --set compression-mechanism:gzip \ --set encryption-settings-definitionid:332C846EF0DCD1D5187C1592E4C74CAD33FC1E5FC20B726CD301CDD2B3FFBC2B \ --set encrypt-log:true \ --set log-file:logs/encrypted-access \ --set "rotation-policy:24 Hours Time Limit Rotation Policy" \ --set "rotation-policy:Size Limit Rotation Policy" \ --set "retention-policy:File Count Retention Policy" \ --set "retention-policy:Free Disk Space Retention Policy" \ --set "retention-policy:Size Limit Retention Policy"
-
To decrypt and decompress the file:
$ bin/encrypt-file --decrypt \ --decompress-input \ --input-file logs/encrypted-access.20180216040332Z.gz.encrypted \ --output-file decrypted-access Initializing the server's encryption framework...DoneWriting decrypted data to file '/ds/PingDirectory/decrypted-access' using akey generated from encryption settings definition '332c846ef0dcd1d5187c1592e4c74cad33fc1e5fc20b726cd301cdd2b3ffbc2b'Success fully wrote 123,456,789 bytes of decrypted data