How do I exclude passwords in trace logging?

To exclude passwords from trace logging, you need to remove the trace message that contains the full logon command. Use the ExcludeErrors element of the logging configuration to remove the trace of the logon command, as shown below:

 ...

<Logging>
  <!-- Sample to demonstrate ExcludeErrors -->

  <Target>
    <Protocol>file</Protocol>
    <FileName>/var/tmp/amps/logs/%Y%m%d%H%M%S-%n.log</FileName>
    <RotationThreshold>2G</RotationThreshold>
    <Level>trace</Level>
    <ExcludeErrors>12-0010</ExcludeErrors>
  </Target>
</Logging>

This will remove the command. Notice that AMPS also provides an info level log message (1F-0004) to indicate that the logon has occurred.

Keywords: logging, password, security, logon commands

Last updated