# Redacted and diagnostic (unredacted) logs

Tonic Structural job logs can contain sensitive data values. To avoid leaking these values, by default Structural redacts sensitive values from the logs. The logs indicate when data is redacted.

For data generation, you can optionally have Structural generate logs that are not redacted, referred to in Structural as diagnostic logs. Diagnostic logs are encrypted in the Structural application database, and are not shared with Tonic.ai.

You typically use diagnostic logging to help troubleshoot issues with data generation.

## Enabling diagnostic logs across a Structural instance for specific data connectors <a href="#diagnostic-log-environment-settings" id="diagnostic-log-environment-settings"></a>

When you set any of the following environment settings to true, the corresponding logs are always considered diagnostic logs:

* For Amazon Redshift and PostgreSQL:
  * `NPGSQL_LOGGING_ENABLED` - Whether to enable diagnostic logging. Increases the logging of the Npgsql database driver.&#x20;
  * `NPGSQL_LOG_PARAMETERS` - Whether to de-anonymize the parameter values in the logged queries.
* For Db2 for LUW:
  * `TONIC_DB2_SQL_LOGGING_ENABLED` - Whether to enable diagnostic logging.
  * `TONIC_DB2_SQL_LOG_PARAMETERS` - Whether to de-anonymize the parameter values in the logged queries.
* For MongoDB:
  * `MONGO_MQL_LOGGING_ENABLED` - Whether to enable diagnostic logging. Increases the logging of the MongoDB database driver.
* For MySQL:
  * `MYSQL_CONNECTOR_LOGGING_ENABLED` - Whether to enable diagnostic logging. Increases the logging of the MySqlConnector database driver.
* For Oracle:
  * `TONIC_ORACLE_PLSQL_LOGGING_ENABLED` - Whether to enable diagnostic logging. Increases the logging of the Oracle database driver.
  * `TONIC_ORACLE_PLSQL_LOG_PARAMETERS` - Whether to de-anonymize the parameter values in the logged queries.
  * `TONIC_ORACLE_ENABLE_SQLLDR_ERROR_LOGGING` - Whether to generate Oracle sqlldr logs. Note that access to the sqlldr logs is controlled by the **Download Sqlldr Files** workspace permission, and not the **Enable diagnostic logging** global permission.
* For SQL Server:
  * `TONIC_SQL_SERVER_TSQL_LOGGING_ENABLED` - Whether to enable diagnostic logging. Increases the logging of the SQL Server SMO database driver.
  * `TONIC_SQL_SERVER_TSQL_LOG_PARAMETERS` - Whether to de-anonymize the parameter values in logged queries.

## Enabling diagnostic logs for a data generation job <a href="#data-generation-job-enable-diagnostic" id="data-generation-job-enable-diagnostic"></a>

{% hint style="info" %}
**Required global permission:** Enable diagnostic logging and uploading logs directly to Tonic.ai
{% endhint %}

If the Structural instance is not configured to generate diagnostic logs for the workspace data connector, then you can configure whether to use diagnostic logging for an individual job.

If diagnostic logging is enabled because of an environment setting, then you cannot disable it.

For details, go to [#data-gen-diagnostic-enable](https://docs.tonic.ai/app/workflows/data-generation-run-job/data-generation-manual#data-gen-diagnostic-enable "mention").


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tonic.ai/app/admin/tonic-monitoring-logging/logs-redacted-diagnostic.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.