PingDirectory

Setting log file encryption

Set log file encryption.

About this task

The following commands can be used to set log file encryption.

Steps

  1. Use dsconfig to enable encryption for a Log Publisher.

    Example:

    In this example, the File-Based Access Log Publisher "Encrypted Access" is created with encryption enabled, gzip compression, and rotation and retention policies.

    $ bin/dsconfig create-log-publisher --publisher-name "Encrypted Access" \
      --type file-based-access \
      --set enabled:true \
      --set compression-mechanism:gzip \
      --set encryption-settings-definition-id:332C846EF0DCD1D5187C1592E4C74CAD33FC1E5FC20B726CD301CDD2B3FFBC2B \
      --set encrypt-log:true \
      --set log-file:logs/encrypted-access \
      --set "rotation-policy:24 Hours Time Limit Rotation Policy" \
      --set "rotation-policy:Size Limit Rotation Policy" \
      --set "retention-policy:File Count Retention Policy" \
      --set "retention-policy:Free Disk Space Retention Policy" \
      --set "retention-policy:Size Limit Retention Policy"

  2. To decrypt and decompress the file:

    $ bin/encrypt-file --decrypt \
      --decompress-input \
      --input-file logs/encrypted-access.20180216040332Z.gz.encrypted \
      --output-file decrypted-access
    Initializing the server's encryption framework...Done
    Writing decrypted data to file '/ds/PingDirectory/decrypted-access' using a
    key generated from encryption settings definition
    '332c846ef0dcd1d5187c1592e4c74cad33fc1e5fc20b726cd301cdd2b3ffbc2b'
    Successfully wrote 123,456,789 bytes of decrypted data
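
A check that complements the steps above, as an added example that is not part of the PingDirectory documentation: it flags rotated log files that do not look encrypted. It assumes the rotated-file naming seen in step 2 (`<log-file>.<timestamp>Z.gz.encrypted`); the function name `audit_rotated_logs` and the gzip-header heuristic are this example's own.

```shell
#!/bin/sh
# Added example, not from the PingDirectory documentation.
# Assumption: rotated files are named <log-file>.<timestamp>Z[.gz][.encrypted],
# as in logs/encrypted-access.20180216040332Z.gz.encrypted in step 2.

# Print one line per rotated file that does not look encrypted.
# Returns 0 if every rotated file passes, 1 if any is flagged, 2 on bad usage.
audit_rotated_logs() {
    dir=$1 base=$2
    [ -d "$dir" ] && [ -n "$base" ] || {
        echo "usage: audit_rotated_logs DIR BASE" >&2
        return 2
    }
    flagged=0
    for f in "$dir/$base".*; do
        [ -f "$f" ] || continue        # glob matched nothing, or not a regular file
        name=${f##*/}
        case $name in
            "$base".[0-9]*Z|"$base".[0-9]*Z.*) ;;   # rotated: timestamp follows the base name
            *) continue ;;                          # anything else is not a rotated log
        esac
        case $name in
            *.encrypted)
                # Heuristic: gzip magic bytes (1f 8b) at offset 0 mean the outer
                # layer is plain gzip, so the .encrypted suffix is misleading.
                magic=$(od -An -tx1 -N2 "$f" | tr -d ' \n')
                if [ "$magic" = "1f8b" ]; then
                    echo "NOT-ENCRYPTED (gzip header) $name"
                    flagged=1
                fi ;;
            *)
                echo "NOT-ENCRYPTED (no .encrypted suffix) $name"
                flagged=1 ;;
        esac
    done
    return $flagged
}
```

Run it from the server root as `audit_rotated_logs logs encrypted-access`; a nonzero exit status means at least one rotated file was flagged, for example one written before `encrypt-log` was enabled.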