DOCS-15890 Add Log Redaction to Log Messages + Security Page (#2737) (#2838)

* DOCS-15890 Add Log Redaction to Log Messages + Security Page (#2737)

* DOCS-15890 Add Log Redaction to Log Messages + Security Page

* DC feedback

* build errors

* build errors again

Author: ajhuh-mdb

source/administration/monitoring.txt

@@ -305,58 +305,7 @@ affect logging:
 Log Redaction
 ~~~~~~~~~~~~~
 
-.. versionadded:: 3.4 Available in MongoDB Enterprise only
-
-A :binary:`~bin.mongod` running with :setting:`security.redactClientLogData`
-redacts :doc:`messages </reference/log-messages>` associated with any given
-log event before logging, leaving only metadata, source files, or line numbers
-related to the event. :setting:`security.redactClientLogData` prevents
-potentially sensitive information from entering the system log at the cost of
-diagnostic detail.
-
-For example, the following operation inserts a document into a
-:binary:`~bin.mongod` running without log redaction. The :binary:`~bin.mongod`
-has :setting:`systemLog.component.command.verbosity` set to ``1``:
-
-.. code-block:: javascript
-
-   db.clients.insertOne( { "name" : "Joe", "PII" : "Sensitive Information" } )
-
-This operation produces the following log event:
-
-.. code-block:: text
-
-   2017-06-09T13:35:23.446-0400 I COMMAND  [conn1] command internal.clients
-      appName: "MongoDB Shell"
-      command: insert {
-         insert: "clients",
-         documents: [ {
-               _id: ObjectId('593adc5b99001b7d119d0c97'),
-               name: "Joe",
-               PII: " Sensitive Information"
-            } ],
-         ordered: true
-      }
-      ...
-
-A :binary:`~bin.mongod` running with :setting:`security.redactClientLogData`
-performing the same insert operation produces the following log event:
-
-.. code-block:: text
-
-   2017-06-09T13:45:18.599-0400 I COMMAND  [conn1] command internal.clients
-      appName: "MongoDB Shell"
-      command: insert {
-         insert: "###", documents: [ {
-            _id: "###", name: "###", PII: "###"
-         } ],
-         ordered: "###"
-      }
-
-Use :setting:`~security.redactClientLogData` in conjunction with
-:doc:`/core/security-encryption-at-rest` and
-:doc:`/core/security-transport-encryption` to assist compliance with
-regulatory requirements.
+.. include:: /includes/fact-log-redaction.rst
 
 Diagnosing Performance Issues
 -----------------------------

source/core/security-encryption-at-rest.txt

@@ -1,3 +1,5 @@
+.. _security-encryption-at-rest:
+
 ==================
 Encryption at Rest
 ==================

source/includes/fact-log-redaction.rst

@@ -0,0 +1,52 @@
+*Available in MongoDB Enterprise only*
+
+A :binary:`~bin.mongod` or :binary:`~bin.mongos` running with 
+:parameter:`redactClientLogData` redacts any message accompanying a given log
+event before logging, leaving only metadata, source files, or line numbers 
+related to the event. :parameter:`redactClientLogData` prevents 
+potentially sensitive information from entering the system log at the cost of 
+diagnostic detail.
+
+For example, the following operation inserts a document into a
+:binary:`~bin.mongod` running without log redaction. The :binary:`~bin.mongod`
+has the :ref:`log verbosity level <log-messages-configure-verbosity>` set to 
+``1``:
+
+.. code-block:: javascript
+
+   db.clients.insertOne( { "name" : "Joe", "PII" : "Sensitive Information" } )
+
+This operation produces the following log event:
+
+.. code-block:: text
+
+   2017-06-09T13:35:23.446-04:00 I COMMAND  [conn1] command internal.clients
+      appName: "MongoDB Shell"
+      command: insert {
+         insert: "clients",
+         documents: [ {
+               _id: ObjectId('593adc5b99001b7d119d0c97'),
+               name: "Joe",
+               PII: " Sensitive Information"
+            } ],
+         ordered: true
+      }
+      ...
+
+When :binary:`~bin.mongod` runs with :parameter:`redactClientLogData` and
+performs the same insert operation, it produces the following log event:
+
+.. code-block:: text
+
+   2017-06-09T13:45:18.599-04:00 I COMMAND  [conn1] command internal.clients
+      appName: "MongoDB Shell"
+      command: insert {
+         insert: "###", documents: [ {
+            _id: "###", name: "###", PII: "###"
+         } ],
+         ordered: "###"
+      }
+
+Use :parameter:`redactClientLogData` in conjunction with 
+:ref:`security-encryption-at-rest` and :ref:`transport-encryption` to assist 
+compliance with regulatory requirements.

source/reference/log-messages.txt

@@ -475,3 +475,10 @@ parent. For example, the following sets the
 .. [#slow-oplogs]
 
    .. include:: /includes/extracts/4.2-changes-slow-oplog-log-message-footnote.rst
+
+.. _log-message-log-redaction:
+
+Log Redaction 
+-------------
+
+.. include:: /includes/fact-log-redaction.rst

source/security.txt

@@ -52,9 +52,11 @@ security features include:
 
        :doc:`/core/auditing`
 
+       :ref:`log-message-log-redaction`
+
      - :doc:`/core/security-client-side-encryption`
-   
-     - 
+
+     -
 
 Security Checklist
 ------------------