Expand and split off logs section

docs/admin/install.rst

@@ -400,28 +400,6 @@ To remove the permission, use:
 
 These policy changes take effect immediately.
 
-Reviewing and exporting logs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-SecureDrop Workstation aggregates system logs from all its VMs in the ``sd-log`` VM, in the folder ``~/QubesIncomingLogs``, with one subfolder for each VM. While details about submissions are not logged, the logs may contain sensitive information, such as timing data, the two-word designation for a given source, or revelatory errors. For this reason, the ``sd-log`` VM is networkless, and you cannot copy files from ``sd-log`` to other VMs by default.
-
-If you want to selectively enable copying logs to a target VM such as ``work``, you can use a command like the following in ``dom0``:
-
-.. code-block:: sh
-
-  qvm-tags work add sd-receive-logs
-
-To remove the permission, use this command in ``dom0``:
-
-.. code-block:: sh
-
-  qvm-tags work del sd-receive-logs
-
-You can add and remove the permission just before each copying operation; the change will take effect immediately. With the permission in effect, you can use the command ``qvm-copy`` in a terminal in ``sd-log`` to copy individual files to the target VM.
-
-.. note::
-
-   Before copying logs to a networked VM, we recommend carefully inspecting them for information that may be sensitive.
-
 Troubleshooting installation errors
 -----------------------------------
 

docs/admin/reviewing_logs.rst

@@ -0,0 +1,36 @@
+Reviewing and exporting logs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+SecureDrop Workstation aggregates system logs from all its VMs in the ``sd-log`` VM, in the folder ``~/QubesIncomingLogs``, with one subfolder for each VM. Please note that while the logs do not include original filenames or message contents, they do contain sensitive information, e.g.:
+
+- timing and usage information related to SecureDrop access
+- the two-word designation for a given source
+- metadata about submissions and replies
+- error messages that disclose further details
+
+For this reason, the ``sd-log`` VM is networkless, and you cannot copy files from ``sd-log`` to other VMs by default.
+
+If you want to selectively enable copying logs to a single VM, you can use tags, similar to the method used for :doc:`managing clipboard access <managing_clipboard>`. You can add and remove the permission just before each copying operation; the change will take effect immediately. 
+
+.. important::
+
+   Before copying logs to a networked VM, we recommend carefully inspecting them for sensitive information, and potentially redacting them
+
+To enable copying logs to a target VM, you can use a command like the following in ``dom0``, substituting ``<VM name>`` with the name of the target VM (e.g., ``work``):
+
+.. code-block:: sh
+
+  qvm-tags <VM name> add sd-receive-logs
+
+We recommend verifying that the tag was successfully applied:
+
+.. code-block:: sh
+
+  qvm-tags <VM name> ls sd-receive-logs
+
+To remove the permission, use this command in ``dom0``:
+
+.. code-block:: sh
+
+  qvm-tags <VM name> del sd-receive-logs
+
+With the permission in effect, you can use the command ``qvm-copy`` in a terminal in ``sd-log`` to copy individual files to the target VM.

docs/index.rst

@@ -34,6 +34,7 @@ against malware and other security risks. It is built on Qubes OS and requires a
    admin/install
    admin/securing_workstation
    admin/managing_clipboard
+   admin/reviewing_logs
    admin/troubleshooting_connection
    admin/provisioning_usb
    admin/known_issues