Automatic cleanup of log packages

This section describes the automatic cleanup feature for diagnostic log packages that are collected from the IBM Fusion environment.

After a log package collection completes, the system automatically removes or sanitizes sensitive information before the package is available to download. This behavior protects sensitive data and supports compliance with enterprise security and data‑protection requirements.

Key benefits

  • Protects sensitive information by removing or masking confidential data.
  • Supports compliance with data‑protection and privacy requirements.
  • Enables safe sharing of log packages with IBM Support.
  • Operates automatically without requiring additional user actions.
  • Preserves diagnostic information that is needed for analysis and troubleshooting.

Protected information

The log cleanup process removes or obfuscates sensitive data in collected log packages.

Removed data
  • Kubernetes secrets, including secret resources and secret.yaml files
  • Credentials such as passwords, tokens, and API keys
  • Authentication files, including kubeconfig, pull secrets, and service account tokens
  • Private keys, including SSH keys and TLS private keys (.key, .pem)
  • Certificate files, including SSL and TLS certificates (.crt)
Masked or obfuscated data
  • IP addresses are replaced with consistent placeholder values
  • MAC addresses are replaced with consistent placeholder values
  • Internal domain names are obfuscated
  • Credentials (API keys) and tokens are obfuscated
  • PEM certificate content found in files
Unchanged content
The cleanup process removes or obfuscates only sensitive information. All logs, resources, and configuration data that is required for debugging remain intact.

User experience

By default, automatic log cleanup is enabled and requires no manual intervention.

  1. Collect logs by using the IBM Fusion UI.
  2. The system automatically sanitizes sensitive data in the log package.
  3. Download the clean and secure log package.

Configuration

When to change the configuration (optional)
The default configuration is secure and recommended for all environments. Disable automatic log cleanup only in the following scenarios:
  • Logs remain strictly within the organization for internal debugging
  • IBM Support explicitly requests for unsanitized log packages
Disabling automatic log package cleanup
To disable automatic log package sanitization by using the OpenShift console:
  1. Log in to the OpenShift® web console.
  2. Switch to Project <FusionNamespace> (typically ibm-spectrum-fusion-ns).
  3. Go to Workloads > ConfigMaps, search for platformconfig ConfigMap, and open it in YAML view.
  4. Locate the logCollectorConfig entry in the ConfigMap and update it with the following configuration. If the logCollectorConfig entry does not exist, add the following entry to the JSON content of the key platformconfig.json:
    "logCollectorConfig": {"disableLogCleanup": true},

  5. Save the changes.

    The automatic log package cleanup is now disabled.