DOCS-15890 Add Log Redaction to Log Messages + Security Page (#2737) (#2834)

* DOCS-15890 Add Log Redaction to Log Messages + Security Page

* DC feedback

Author: ajhuh-mdb

source/administration/monitoring.txt

@@ -313,58 +313,7 @@ affect logging:
 Log Redaction
 ~~~~~~~~~~~~~
 
-*Available in MongoDB Enterprise only*
-
-A :binary:`~bin.mongod` running with :setting:`security.redactClientLogData`
-redacts :doc:`messages </reference/log-messages>` associated with any given
-log event before logging, leaving only metadata, source files, or line numbers
-related to the event. :setting:`security.redactClientLogData` prevents
-potentially sensitive information from entering the system log at the cost of
-diagnostic detail.
-
-For example, the following operation inserts a document into a
-:binary:`~bin.mongod` running without log redaction. The :binary:`~bin.mongod`
-has :setting:`systemLog.component.command.verbosity` set to ``1``:
-
-.. code-block:: javascript
-
-   db.clients.insertOne( { "name" : "Joe", "PII" : "Sensitive Information" } )
-
-This operation produces the following log event:
-
-.. code-block:: text
-
-   2017-06-09T13:35:23.446-04:00 I COMMAND  [conn1] command internal.clients
-      appName: "MongoDB Shell"
-      command: insert {
-         insert: "clients",
-         documents: [ {
-               _id: ObjectId('593adc5b99001b7d119d0c97'),
-               name: "Joe",
-               PII: " Sensitive Information"
-            } ],
-         ordered: true
-      }
-      ...
-
-A :binary:`~bin.mongod` running with :setting:`security.redactClientLogData`
-performing the same insert operation produces the following log event:
-
-.. code-block:: text
-
-   2017-06-09T13:45:18.599-04:00 I COMMAND  [conn1] command internal.clients
-      appName: "MongoDB Shell"
-      command: insert {
-         insert: "###", documents: [ {
-            _id: "###", name: "###", PII: "###"
-         } ],
-         ordered: "###"
-      }
-
-Use :setting:`~security.redactClientLogData` in conjunction with
-:doc:`/core/security-encryption-at-rest` and
-:doc:`/core/security-transport-encryption` to assist compliance with
-regulatory requirements.
+.. include:: /includes/fact-log-redaction.rst
 
 Diagnosing Performance Issues
 -----------------------------

source/includes/fact-log-redaction.rst

@@ -0,0 +1,52 @@
+*Available in MongoDB Enterprise only*
+
+A :binary:`~bin.mongod` or :binary:`~bin.mongos` running with 
+:parameter:`redactClientLogData` redacts any message accompanying a given log
+event before logging, leaving only metadata, source files, or line numbers 
+related to the event. :parameter:`redactClientLogData` prevents 
+potentially sensitive information from entering the system log at the cost of 
+diagnostic detail.
+
+For example, the following operation inserts a document into a
+:binary:`~bin.mongod` running without log redaction. The :binary:`~bin.mongod`
+has the :ref:`log verbosity level <log-messages-configure-verbosity>` set to 
+``1``:
+
+.. code-block:: javascript
+
+   db.clients.insertOne( { "name" : "Joe", "PII" : "Sensitive Information" } )
+
+This operation produces the following log event:
+
+.. code-block:: text
+
+   2017-06-09T13:35:23.446-04:00 I COMMAND  [conn1] command internal.clients
+      appName: "MongoDB Shell"
+      command: insert {
+         insert: "clients",
+         documents: [ {
+               _id: ObjectId('593adc5b99001b7d119d0c97'),
+               name: "Joe",
+               PII: " Sensitive Information"
+            } ],
+         ordered: true
+      }
+      ...
+
+When :binary:`~bin.mongod` runs with :parameter:`redactClientLogData` and
+performs the same insert operation, it produces the following log event:
+
+.. code-block:: text
+
+   2017-06-09T13:45:18.599-04:00 I COMMAND  [conn1] command internal.clients
+      appName: "MongoDB Shell"
+      command: insert {
+         insert: "###", documents: [ {
+            _id: "###", name: "###", PII: "###"
+         } ],
+         ordered: "###"
+      }
+
+Use :parameter:`redactClientLogData` in conjunction with 
+:ref:`security-encryption-at-rest` and :ref:`transport-encryption` to assist 
+compliance with regulatory requirements.

source/reference/log-messages.txt

@@ -1044,6 +1044,13 @@ to complete. Specifically:
   merge. For example, ``durationMillis`` of 100 and
   ``remoteOpWaitMillis`` of 15.
 
+.. _log-message-log-redaction:
+
+Log Redaction 
+-------------
+
+.. include:: /includes/fact-log-redaction.rst
+
 .. _log-message-parsing:
 
 Parsing Structured Log Messages

source/security.txt

@@ -51,6 +51,8 @@ security features include:
 
        :doc:`/core/auditing`
 
+       :ref:`log-message-log-redaction`
+
      - :ref:`qe-manual-feature-qe`
 
        :ref:`manual-csfle-feature`