Hi, a user has advised of strict requirement around the outputs of SLLogCollector (.zip file) to not contain any passwords (whether it be hashed or encrypted). If this condition is not met, the user is unable to grant permission for the transfer of the SLLogCollector .zip files from their network for analysis at Skyline.
Is there a version of SLLogCollector (current or to be released) that has the capability to produce .zip output files that do not contain any passwords (whether it be hashed or encrypted).
Short term solution/workaround:
(1) Is there a list of files that we can manually edit / delete from .zip to meet the requirements above?
(2) Will deleting the said files from .zip impact analysis process?
Hi Bing,
If the database passwords were configured manually in C:\Skyline DataMiner\db.xml, then they will be visible unencrypted (also in the log collector package). If the passwords are set through Cube, a unique ID (in the form of a GUID) is stored in the DB.xml. DataMiner can then use this ID to look up an encrypted value of the password. The actual encrypted passwords are not part of the SLLog Collector package.
Other than this I see the cassandra.yaml file is included in the log collector package, this file may contain the certificate & password used by Cassandra in plain text (if TLS is enabled). In that case, I would recommend redacting this information as we don't need it for investigation. More specifically, redact the client_encryption_options & server_encryption_options from cassandra.yaml.