DOCSP-21757 audit log removal from 5 3 (#1155)

jason-price-mongodb · jason-price-mongodb · web-flow · commit 6c973ab13fd1 · 2022-06-01T10:38:42.000-07:00
* DOCSP-21757-audit-log-removal-from-5-3 * DOCSP-21757-audit-log-removal-from-5-3 * DOCSP-21757-audit-log-removal-from-5-3 * DOCSP-21757-audit-log-removal-from-5-3 * DOCSP-21757-audit-log-removal-from-5-3 Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com>
diff --git a/source/core/security-encryption-at-rest.txt b/source/core/security-encryption-at-rest.txt
@@ -109,49 +109,13 @@ transport encryption.
 
 For details, see :ref:`rotate-encryption-keys`.
 
+.. _security-encryption-at-rest-audit-log:
+
 Audit Log
 ~~~~~~~~~
 
 Available in MongoDB Enterprise only.
 
-.. _security-encryption-at-rest-audit-log:
-
-Use KMIP Server to Manage Keys for Encrypting the MongoDB Audit Log
-```````````````````````````````````````````````````````````````````
-
-Starting in MongoDB 5.3 Enterprise, you can use an external Key
-Management Interoperability Protocol (KMIP) server to securely manage
-the keys for encrypting the MongoDB audit log.
-
-To use a KMIP server with audit log encryption, configure these settings
-and parameters:
-
-- :setting:`auditLog.auditEncryptionKeyIdentifier` setting
-- :setting:`auditLog.compressionMode` setting
-- :parameter:`auditEncryptionHeaderMetadataFile` parameter
-- :parameter:`auditEncryptKeyWithKMIPGet` parameter
-
-For testing audit log encryption, you can also use the
-:setting:`auditLog.localAuditKeyFile` setting.
-
-If you need to downgrade MongoDB, you must first disable audit log
-encryption by removing :setting:`auditLog.auditEncryptionKeyIdentifier`
-or :setting:`auditLog.localAuditKeyFile`. Existing audit logs remain
-encrypted, and you can keep any procedures you have developed for
-storage and ingestion of encrypted logs.
-
-.. note::
-
-   For audit log encryption, the audit log destination must be a
-   file. :term:`syslog` cannot be used as the destination.
-
-Unencrypted Audit Log and Process Log
-`````````````````````````````````````
-
-This section applies if you are not using an external Key Management
-Interoperability Protocol (KMIP) server to manage keys for encrypting
-the audit log as shown in the previous section.
-
 The audit log file is not encrypted as a part of MongoDB's encrypted
 storage engine. A :binary:`~bin.mongod` running with :ref:`logging
 <monitoring-standard-loggging>` may output potentially sensitive
diff --git a/source/reference/parameters.txt b/source/reference/parameters.txt
@@ -4398,58 +4398,6 @@ Auditing Parameters
       Using the default value of 300 seconds, non-config nodes may lag up
       to 5 minutes behind a setAuditConfig command.
 
-.. parameter:: auditEncryptionHeaderMetadataFile
-
-   .. versionadded:: 5.3
-
-   *Type*: string
-
-   .. include:: /includes/note-audit-in-enterprise.rst
-
-   |both|
-
-   Path and file name for logging metadata audit headers for :ref:`audit
-   log encryption <security-encryption-at-rest-audit-log>`. A header is
-   placed at the top of each audit log file and contains metadata for
-   decrypting the audit log. The headers are also stored in the
-   :doc:`audit log </core/auditing>`.
-
-   You can only set :parameter:`auditEncryptionHeaderMetadataFile`
-   during startup in the :setting:`configuration file <setParameter>` or
-   with the ``--setParameter`` option on the command line. For example,
-   the following sets the path and file for
-   :parameter:`auditEncryptionHeaderMetadataFile`:
-
-   .. code-block:: bash
-
-      mongod --setParameter auditEncryptionHeaderMetadataFile=/auditFiles/auditHeadersMetadataFile.log
-
-.. parameter:: auditEncryptKeyWithKMIPGet
-
-   .. versionadded:: 5.3
-
-   *Type*: boolean
-
-   *Default*: false
-
-   .. include:: /includes/note-audit-in-enterprise.rst
-
-   |both|
-
-   Enables :ref:`audit log encryption
-   <security-encryption-at-rest-audit-log>` for Key Management
-   Interoperability Protocol (KMIP) servers that only support KMIP
-   protocol version 1.0 or 1.1.
-
-   You can only set :parameter:`auditEncryptKeyWithKMIPGet` during
-   startup in the :setting:`configuration file <setParameter>` or with
-   the ``--setParameter`` option on the command line. For example, the
-   following sets :parameter:`auditEncryptKeyWithKMIPGet` to ``true``:
-
-   .. code-block:: bash
-
-      mongod --setParameter auditEncryptKeyWithKMIPGet=true
-
 Transaction Parameters
 ~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/source/release-notes/5.3.txt b/source/release-notes/5.3.txt
@@ -115,6 +115,13 @@ defragmented.
 General Improvements
 --------------------
 
+Time Series Collection Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Starting in MongoDB 5.3, you can use the :pipeline:`$geoNear` pipeline
+operator on any field in a :ref:`time series collection
+<manual-timeseries-collection>`.
+
 Clustered Collections
 ~~~~~~~~~~~~~~~~~~~~~
 
@@ -168,13 +175,6 @@ Starting in MongoDB 5.3, the :parameter:`fassertOnLockTimeoutForStepUpDown`
 parameter allows a server that receives a request to step up or down to 
 terminate if it is unable to comply within the timeout.
 
-Time Series Collection Improvements
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Starting in MongoDB 5.3, you can use the :pipeline:`$geoNear` pipeline
-operator on any field in a :ref:`time series collection
-<manual-timeseries-collection>`.
-
 Multiple Arbiters
 ~~~~~~~~~~~~~~~~~~
 
