Re: Passwords visible in infrastructure logs

Eric Malm <emalm@...>

Hi, Momchil,

We at Pivotal generally don't run with debug logging on for Diego and
Garden in our production systems, instead opting for the default 'info'
log-level. It is possible to toggle that log-level dynamically on
garden-linux via its debug server (which defaults to running on port 17013)
by doing a PUT to its `/log-level` endpoint with the payload 'debug',
though. Even so, the Garden team has scrubbed a lot of user-specified
information such as environment variables and command arguments out of
their logs, even at the debug level. The most relevant stories appear to be,, and, but if you need more
details I'm sure the Garden team can direct you to other stories as well.


On Tue, Dec 8, 2015 at 12:45 AM, Momchil Atanassov <
momchil.atanassov(a)> wrote:

Hi Amit,

Thanks for the quick reply!

We get logs from both DEA and Warden.

As for NATS, it's not NATS itself that is logging but rather the
`nats_steam_forwarder` (
) job running on the `nats` VMs, as can be seen here:
It always logs in `info` level so the only way to disable it is to remove
it from the deployment configuration so that it is never located on the
NATS VM and never runs.

You say that you are running 100% Diego on your productive environment.
Doesn't Garden also do some type of logging that would contain the
container configuraiton (including environment variables) or are you not
running `debug` on your systems?


Join { to automatically receive all group messages.