[rabbitmq-discuss] Fwd: Sensitive data in the RabbitMQ log files

Simon MacMullen simon at rabbitmq.com
Mon Mar 10 14:56:13 GMT 2014

On 10/03/2014 12:55PM, Iain Hull wrote:
> I would like to know if the rabbitmq log files could contain sensitive data.
> In our deployment we regard the names of queues and exchanges as
> sensitive, so could these appear in the standard rabbitmq logs?

Under those definitions then yes, names of queues and exchanges can 
certainly appear in the logs. For example, just declare a queue with 
durable=true and then attempt to redeclare it with durable=false; you'll 
get an error logged containing the name of the queue.

> Also could rabbitmq usernames appear in the sasl log?

The sasl log is a log for misbehaving processes. ("sasl" is this: 
http://www.erlang.org/doc/apps/sasl/ not this: 
http://tools.ietf.org/html/rfc4422). As such it could contain data from 
any process that crashed - including usernames and even passwords if you 
are unlucky.

You should really treat access to the log files as privileged in the 
same way as access to the server OS process.

Cheers, Simon

Simon MacMullen
RabbitMQ, Pivotal

More information about the rabbitmq-discuss mailing list