Forum Discussion

WernerN's avatar
WernerN
Contributor II
7 days ago

Version 9.0 Redacting information in Error Log

Dear Community Members,

Has anyone experienced information in the log being redacted. I found this in the latest documenation.


However, i see no pattern of what is considered sensitive. 

I have a data table dump in the decimal positions are redacted.

I am logging the keys and values of two dictionaries. in both dictionaries the value is an integer.  One value is shown while the other value in redacted. Both values come from a text member of a dimension member. 
In other cases i am logging the name of the business rule and the name of the function. Sometimes the RULENAME is redacted, sometimes it is not.  Which leads me to believe that the logic thinks that the name is sensitive?!  

Is this sensitivity controllable maybe on the app settings on the server? Cause it seems overly sensitive or plainly wrong in determining what is sensitive and what is no.

Parsing
System

8 Replies

  • WernerN's avatar
    WernerN
    Contributor II
    3 days ago

    To add some information so that OS Development can maybe put an option into App Settings to turn this off:

    Trying to evaluate if i am connected from target app to source app.  
    1) In the error log trying to show the session ID (even though i dont really need it but just displaying the whole thing):
    Check session state User: xxxx, TimeAuthenticated: 20250623195015, AuthSessionID: [REDACTED], Application: XX_YYYYYYY_9.0
    2) In the message box of a my dashboard extender
    Check session state User: xxxx, TimeAuthenticated: 20250623195015, AuthSessionID: d23c1186e28041e2af226a0be74b3ec7, 

    So, at least in a dashboard extender rule I can now convert all my logging to a message box. In other rules i am a bit stuck.

    • rhankey's avatar
      rhankey
      Contributor II
      2 days ago

      Outputting to the file share also sidesteps the [redacted] messages.

      But agreed, we need a way to turn-off this "feature" (not just dial it back), as it makes debugging logic much more difficult.

      It would seem a far better way to handle the redacting would be to write unredacted message to the ErrorLog, and only apply the redacting the entire message (not just amounts containing a certain number of zeros) when displaying the log if the user looking at the log is not the owner of the log entry or is not a member of an authorized group.

      • JackLacava's avatar
        JackLacava
        Community Manager
        2 days ago

        we need a way to turn-off this "feature"

        I am not the biggest fan of this feature, but there are legitimate concerns about outputting passwords, api keys, and the likes, so it likely won't be something you can just disable. It will become smarter very soon, though, so hopefully it won't be a real problem anymore.

  • JackLacava's avatar
    JackLacava
    Community Manager
    6 days ago

    I hear you, I agree that we went a bit overboard with this feature. It gets triggered in "interesting" cases, like when a string has 8 consecutive zeros... It can be maddening.

    Future releases will likely dial it down a bit.

    • WernerN's avatar
      WernerN
      Contributor II
      6 days ago

      Thanks Jack,
      The new feature redacts this name of a business rule "WsasDataManagementStep", or this name of a function "LoadMarketLookUpDictionary".  English is not my first language, but I cannot find anything wrong with these names and i built 'Clean up words' algorithms before. 

      But anyway, I would hope that we get a hotfix quickly as the current feature pretty much renders logging useless. And I have to admit that i find it difficult to believe that one would log anything that is sensitive when i can right click on any cubeview that might show sensitive financial information and export to Excel. Or is Version 9.0 also redacting when exporting to Excel.

      On a side note Jack, great presentation on Dynamic Cubes on Wednesday.   


  • WernerN's avatar
    WernerN
    Contributor II
    7 days ago

    Thank you rhankey​ 
    i thought about converting to string. did not think about the N2.
    However, the strange behaviour observable is that, and again without a pattern, i also get strings redacted. I write the rule and function names to the log and sometimes the rulename, sometimes the function name is redacted (I have both in a constant).
    And gain, thanks for the tip and responding so fast.  let;s see what our OneStream friends are saying.

  • rhankey's avatar
    rhankey
    Contributor II
    7 days ago

    It will be interesting to hear if there is a config parameter by AppServer, App, or User somewhere to turn this "feature" on/off, or if there is way to toggle it on/off when logging specific output.

    In the meantime, the workaround I have been using to overcome this new "feature" is by formatting numeric values as I'm writing them to the log.  Eg:

    api.LogMessage("DecValue="+DecValue.ToString("N2")+", IntValue="+IntValue.ToString("0"))