Is there a way to hide XPaths from ConfD audit commit logs?

ittaloss · April 5, 2025, 6:06pm

Hi everyone,

I’ve enabled /confdConfig/logs/auditLog and /confdConfig/logs/auditLogCommit to export all configuration commit changes to a remote syslog server.

However, I noticed that auditLogCommit entries include full XPaths in lines like:

commit thandle <N> <path> set to '<value>'
commit thandle <N> <path> created
commit thandle <N> <path> deleted
...

Is there a way to hide or remove the <path> information from these logs?

The reason I’m asking is that our application uses transforms, hooks, and hidden nodes, and exposing those internal paths in logs might confuse or leak internal logic to end users.

Any suggestions or configuration options to sanitize or restrict these log entries would be very helpful!

Thanks in advance!

sbarvick · April 7, 2025, 11:28pm

Hi,

Given your experience with transforms, hooks, etc, you could probably easily implement was is described in the User Guide in 16.3. Syslog Messages to customize the content to send only what you want to expose.

Best,
Scott

ittaloss · April 9, 2025, 8:58pm

Thank you!

I’m currently evaluating whether this can be easily implemented in our application, and whether it’s truly possible to customize it the way we need.

I’ll be back soon with updates or any further questions.

Best regards,
Ittalo

Topic		Replies	Views
How to log ConfD commit changes and rollback configurations to a remote syslog server? General	2	26	April 9, 2025
Password is logged in confd audit logs General	1	456	July 7, 2021
How to disable ConfdD send audit event NETCONF	4	1089	March 16, 2020
Commands visibility in syslog files Core Engine and APIs	10	2693	September 4, 2018
Similar command as "show accounting log" for confd CDB and CDB API	2	1716	July 7, 2018

Is there a way to hide XPaths from ConfD audit commit logs?

Related topics