Hiding Selected Data in Logs
This feature implements a Genesys Standard detailed in the Genesys Security Deployment Guide. It enables you to hide selected KV pairs in the User Data, Extensions, and Reasons attributes of log messages generated by Genesys Mobile Services.
- You can choose to hide just the value itself by replacing it with a series of asterisks (*), or you can remove the whole KV pair from the log output.
- You can also hide only part of the value in a particular KV pair.
- The data can be masked completely or partially, or identified by specified characters (called tags).
This provides the intended security, but with enough data to use for tracking field values, if necessary.
Contents
Configuring [log-filter] and [log-filter-data] sections
This feature is implemented by defining the following configuration options in the GMS Application object:
- default-filter-type in the [log-filter] section defines the treatment for all KV pairs in the User Data, Extensions, and Reasons attributes.
- This setting will be applied to the attributes of all KVList pairs in the attribute except those that are explicitly defined in the [log-filter-data] section.
- One or more <key-name> options in the [log-filter-data] section define the treatment for specific keys in the log, overriding the default treatment specified by default-filter-type.
- If no value is specified for this option, no additional processing of this data element is performed.
You can get additional implementation samples in the Genesys Security Deployment Guide.
For detailed descriptions of the configuration options used to configure this feature, refer to the
Framework Configuration Options Reference Manual.
Supported Filters
| Filter Name | Description |
|---|---|
| copy | The keys and values of the KVList pairs are copied to the log. |
| hide | The keys of the KVList pairs are copied to the log; the values are replaced with strings of asterisks. |
| hide-first,<n> | The keys of the KVList pairs are copied to the log; the first <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the number of asterisks will be equal to the number of characters in the value. |
| hide-last,<n> | The keys of the KVList pairs are copied to the log; the last <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the number of asterisks will be equal to the number of characters in the value. |
| unhide-first,<n> | The keys of the KVList pairs are copied to the log; all but the first <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the value of the key appears, with no asterisks. |
| unhide-last,<n> | The keys of the KVList pairs are copied to the log; all but the last <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the key, the value of the key appears, with no asterisks. |
| skip | The KVList pairs are not copied to the log. |
Examples
Here is a configuration sample, which hides from the logs the chat session ID and replaces some characters with 'x' in specified fields.
[log-filter-data]
chatSessionId=hide
email=unhide-last,10
firstName=hide
lastName=hide-first,1
subject=copy
subscriptionID=skip
This set of filters will generate the following output in the logs:
14:56:07.422 Dbg 09900 [qtp1928680974-298] (POST) Client IP Address: 127.0.0.1, URI:http://127.0.0.1:8080/genesys/1/service/8e1e3406-8e48-4846-83f1-c7be1818acf7/ixn/chat
14:56:07.431 Dbg 09900 [qtp1928680974-298] Params: KVList:
'lastName' [str] = "*oe"
'firstName' [output suppressed]
'email' [str] = "********@gmail.com"
'subject' [str] = "Question about your product"