"Scrub" Sensitive Data from your Files before sending them to Datical Support
Providing your log files, project files, changelogs, and html reports can help Datical Support diagnose and resolve an issue more quickly. However, some of your Datical files may contain sensitive information.
For Datical DB versions 5.9 and higher, you can use the hammer debug export command to "scrub" sensitive information such as hosts, ports, and credentials from your files before sending them to Datical Support. The hammer debug export command will create a new zip file in your <ProjectName>/Reports/debug directory that contains the files you specify to include. The files in the zip will have the actual values for hosts, ports, and credentials replaced with more generic strings (tokens). This is to avoid emailing files that contain the actual values which may be sensitive information.
The hammer debug export command provides a simple way to archive the needed files into a zip file that you then send to Datical Support:
- You can specify which files to include in the zip.
- The command must be run from the command line (not from the Datical desktop client/GUI)
- The "scrubber" will only handle files that are located somewhere within your <ProjectName> directory structure for that project. If there are relevant files located outside of the project's directory structure (for example the daticaldb.log file for operations performed in the Datical desktop client/Eclipse GUI), you can copy that log into the project directory structure prior to running the hammer debug export command.
- You can add a new step near the end of your automation jobs so that the
hammer debug exportcommand creates the zip of "scrubbed" files automatically for each job.
Command: hammer debug export
The command creates a zip file of files in a project directory to send to Datical Support or for your teams to see more details about a particular operation.
Options provide control over what files are included in the zip. The files are "scrubbed" to remove certain sensitive data by default.
Project Directory
The project directory is the source of all files needed.
Important
Run the command in the root of the project directory.
Output Location
By default the command zips the files and places the zip archive file in the project directory:
<project>/Reports/debug/<project>.zip
Use the --report option to specify a different file name and location.
Hiding Sensitive Information
By default, the hammer debug export command ensures that sensitive information is redacted. Values are replaced with tokens. Each token uniquely replaces a particular item of information.
The following information is redacted by default:
- hostname or IP address
- port
- database names
- Oracle: service name, TNS name, SID
- Other database: database name
- user names
- passwords
Use the --scrub=false option if you do not want to have these values replaced with tokens.
Including and Excluding Files
Include (–include) or exclude (–exclude) files. The value for either option is a search string. All files with names and/or extensions that match the string search are included.
All files must be in the project file hierarchy. If you want to add a file from outside the project, copy it to the file hierarchy. Place it in the root <project-name> directory.
Including Files by Last Modified Date
You can include only files modified within a specified number of hours.
Use the --lastmodified option to specify a number of hours. All files are included that have a last modified date within the number of hours measured from the time the command is run.
Including Non-Project Files
If Datical Support asks you to include files that are not already part of the Datical project directory, you must place them in the project directory.
For example, if you use automation software like Jenkins to run packager or deploys, Datical Support may ask you for the packager.log or daticaldb.log from the automation job. You must copy them into the project directory before running the hammer debug export command.
All of the command options are shown here: CLI Commands#debugexport
Common Use Case Scenarios
Datical has found patterns in customer needs, customer security policies, and requirements for files to fully diagnose a problem. Here are four example scenarios.
- Standard for Problem Diagnosis - provide the standard files most commonly used for troubleshooting
- Default - if no command options are specified, the command will copy all of the files in the project directory into the debug zip file
- Exclude DML Files - provide all files except DML files. Security policy may determine whether you are allowed to share DML files. DML files may contain sensitive information about people and accounts.
Scenarios
Standard for Problem Diagnosis
Scrub and provide the standard information required for Datical Support to start diagnosing a problem.
- datical.project - definition of the project
- changelog.xml - the changelog lists all of the change sets
- daticaldb.log - main Datical DB log (use an asterisk where a date may be within the filename, daticaldb*.log)
- packager.log - log from running the Deployment Packager
- html reports - forecastReport.html, deployReport.html, packagerReport.html (use an asterisk to wildcard all html reports, *.html)
Example of Standard
hammer debug export --include=datical.project,changelog.xml,daticaldb*.log,packager.log,*.html
Default (no command options specified)
Include and scrub all files in the project directory.
Example of Default
hammer debug export
Exclude DML
Scrub and include files in the project directory except DML files and generated SQL in the html reports.
Example of Excluding DML
hammer debug export --exclude=*.html,Resources/sql,Resources/sql_scripts