Jump to: navigation, search

Hiding Selected Data in Logs

This feature implements a Genesys Standard detailed in the Genesys Security Deployment Guide. It enables you to hide selected KV pairs in the User Data, Extensions, and Reasons attributes of log messages generated by Genesys Mobile Services.

  • You can choose to hide just the value itself by replacing it with a series of asterisks (*), or you can remove the whole KV pair from the log output.
  • You can also hide only part of the value in a particular KV pair.
  • The data can be masked completely or partially, or identified by specified characters (called tags).

This provides the intended security, but with enough data to use for tracking field values, if necessary.

Important
Passwords are automatically hidden in GMS logs.

Configuring [log-filter] and [log-filter-data] sections

This feature is implemented by defining the following configuration options in the GMS Application object:

  • default-filter-type in the [log-filter] section defines the treatment for all KV pairs in the User Data, Extensions, and Reasons attributes.
    • This setting will be applied to the attributes of all KVList pairs in the attribute except those that are explicitly defined in the [log-filter-data] section.
  • One or more <key-name> options in the [log-filter-data] section define the treatment for specific keys in the log, overriding the default treatment specified by default-filter-type.
    • If no value is specified for this option, no additional processing of this data element is performed.
Important
The default settings of the options enable all data to be visible in the log.


You can get additional implementation samples in the Genesys Security Deployment Guide. For detailed descriptions of the configuration options used to configure this feature, refer to the Framework Configuration Options Reference Manual.


Supported Filters

Important
custom-filter options are not supported for now.
     Filter Name      Description
copy The keys and values of the KVList pairs are copied to the log.
hide The keys of the KVList pairs are copied to the log; the values are replaced with strings of asterisks.
hide-first,<n> The keys of the KVList pairs are copied to the log; the first <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the number of asterisks will be equal to the number of characters in the value.
hide-last,<n> The keys of the KVList pairs are copied to the log; the last <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the number of asterisks will be equal to the number of characters in the value.
unhide-first,<n> The keys of the KVList pairs are copied to the log; all but the first <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the value of the key appears, with no asterisks.
unhide-last,<n> The keys of the KVList pairs are copied to the log; all but the last <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the key, the value of the key appears, with no asterisks.
skip The KVList pairs are not copied to the log.

Examples

Here is a configuration sample, which hides from the logs the chat session ID and replaces some characters with 'x' in specified fields.


[log-filter-data]
chatSessionId=hide 
email=unhide-last,10
firstName=hide
lastName=hide-first,1
subject=copy
subscriptionID=skip

In the Configuration Manager

This set of filters will generate the following output in the logs:

14:56:07.422 Dbg 09900 [qtp1928680974-298] (POST) Client IP Address: 127.0.0.1, URI:http://127.0.0.1:8080/genesys/1/service/8e1e3406-8e48-4846-83f1-c7be1818acf7/ixn/chat
14:56:07.431 Dbg 09900 [qtp1928680974-298] Params: KVList:
'lastName' [str] = "*oe"
'firstName' [output suppressed]
'email' [str] = "********@gmail.com"
'subject' [str] = "Question about your product"

Configuring [log-hidden-attributes] Section to Hide Selected Internal Message Attributes

Introduced in 8.5.200

This feature enables you to hide selected attributes in the log messages generated by Genesys Mobile Services when communicating with other Genesys components. When configured, the selected attribute will be logged as [output suppressed] instead of the attribute value. This feature provides the intended level of security with enough data to ensure troubleshooting if necessary.

Here is a configuration sample which hides the content of the chat text from the logs while the GMS node communicates with the Chat Server:

[log-hidden-attributes]
FlexChat.EventInfo=Text
FlexChat.MessageText=Text
FlexChat.NoticeText=Text

If you need additional assistance with configuring a specific key name for the attribute that you want to hide, please contact Genesys Customer Care Team:

  1. Provide a sample of the logs that cover your test scenario.
  2. Indicate which attribute you would like to hide.
This page was last modified on June 25, 2019, at 08:56.

Feedback

Comment on this article:

blog comments powered by Disqus