Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
JSON Log Field Syntaxes are used to define the behavior for logging values that are JSON objects.
The JSON Log Field Syntax component inherits from the Log Field Syntax
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| default-behavior | |
| included-sensitive-field | |
| excluded-sensitive-field |
| Description | A description for this Log Field Syntax |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The default behavior that the server should exhibit when logging fields with this syntax. This may be overridden on a per-field basis. |
| Default Value | preserve |
| Allowed Values | preserve - Log the field with the intended value. The value will be preserved, although it may be sanitized for parsability or safety purposes (for example, to escape special characters in the value), and it may be truncated if the value is too long. omit - Completely omit the field from the log message. Neither the field name or its value will be included. redact-entire-value - Log the field name, but redact the entire value so that it is not possible to determine what the original value was. In many cases, the redacted value will preserve the syntax for the original value (for example, the redacted representation of an integer will be a placeholder integer value), but this may not be possible for all syntaxes (for example, Boolean values). redact-value-components - Log the field name, but redact components of the provided value to the extent possible. If values of this syntax may be comprised of multiple components, then some components may be individually redacted (for example, in an LDAP DN or search filter, attribute names may be preserved while the values are redacted, and it may even be possible to configure redaction for only values of a subset of attributes). If the syntax does not support redacting components within a value, then the entire value will be redacted. tokenize-entire-value - Log the field name, but generate a token for the entire value that protects the actual content of the original value while still making it possible to identify other places where the same value appears elsewhere in the log. In many cases, the tokenized value will preserve the syntax for the original value, but this may not be possible for all syntaxes. tokenize-value-components - Log the field name, but tokenize components of the provided value to the extent possible (for example, in an LDAP DN or search filter, each attribute value may be replaced with a token that represents that value, while attribute names may be preserved). If the syntax does not support tokenizing components within a value, then the entire value will be tokenized. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | The JSON Log Field Syntax must be disabled and re-enabled for changes to this setting to take effect. Any changes made to the set of default-behavior values will not take effect until the server is restarted or access loggers using this syntax have been disabled and re-enabled. |
| Description | The names of the JSON fields that will be considered sensitive. If any included sensitive fields are defined, and if a logger is configured to redact or tokenize values for a given log field with this syntax, then only values of JSON fields declared as sensitive will have their values redacted or tokenized, and the values of other fields (and other elements of the log field value, like field names) will be preserved. If any excluded sensitive fields are defined, and if a logger is configured to redact or tokenize values for a given log field with this syntax, then the values of any fields listed in the set of excluded sensitive fields will be preserved, and the values of all other fields will be redacted or tokenized. If neither included nor excluded sensitive fields are defined, then all fields will be considered sensitive by default. You cannot configure both included and excluded sensitive fields for the same syntax. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | The JSON Log Field Syntax must be disabled and re-enabled for changes to this setting to take effect. Any changes made to the set of included-sensitive-field values will not take effect until the server is restarted or access loggers using this syntax have been disabled and re-enabled. |
| Description | The names of the JSON fields that will not be considered sensitive. If any included sensitive fields are defined, and if a logger is configured to redact or tokenize values for a given log field with this syntax, then only values of JSON fields declared as sensitive will have their values redacted or tokenized, and the values of other fields (and other elements of the log field value, like field names) will be preserved. If any excluded sensitive fields are defined, and if a logger is configured to redact or tokenize values for a given log field with this syntax, then the values of any fields listed in the set of excluded sensitive fields will be preserved, and the values of all other fields will be redacted or tokenized. If neither included nor excluded sensitive fields are defined, then all fields will be considered sensitive by default. You cannot configure both included and excluded sensitive fields for the same syntax. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | The JSON Log Field Syntax must be disabled and re-enabled for changes to this setting to take effect. Any changes made to the set of excluded-sensitive-field values will not take effect until the server is restarted or access loggers using this syntax have been disabled and re-enabled. |
To list the configured Log Field Syntaxes:
dsconfig list-log-field-syntaxes
[--property {propertyName}] ...
To view the configuration for an existing Log Field Syntax:
dsconfig get-log-field-syntax-prop
--syntax-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Log Field Syntax:
dsconfig set-log-field-syntax-prop
--syntax-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...