Hide Selected Data in Logs
This feature enables you to hide all or part of selected key-value (KV) pairs in the User Data, Extensions, and Reasons attributes of log messages generated by a Genesys component. The data can be masked completely or partially, or identified by specified characters (called tags).
Security Benefits
This feature prevents unauthorized users from seeing particular data in the output of log messages. Where logs are distributed to another party, such as for troubleshooting purposes, this feature enables you to hide confidential data that you do not want the other party to see. This feature is also useful for preserving the confidentiality of data provided to you by third parties, which might be attached to the logs.
Supporting Components
This feature is supported by the following Genesys components:
- Management Framework
- Media and Network T-Servers
- Load Distribution Server
- Outbound Contact Server
- Interaction Concentrator (ICON)
- Federated
- Universal Contact Server
- Universal Routing Server
- Orchestration Server
- eServices (partial)
- Enterprise SDK
- Interaction SDK
- Real Time Metrics Engine
- Genesys Mobile Services
The following Genesys components support this feature in part or in a similar manner:
- SIP Server, except for data that appears in a SIP header
- Stat Server, in a non-standard way. For more information, refer to Stat Server-specific documentation.
- Platform SDK (PSDK), in a non-standard way. For more information, refer to PSDK-specific documentation.
- Workspace Desktop Edition (formerly known as Interaction Workspace). For configuration details of this feature in Workspace Desktop Edition, refer to the Workspace Desktop Edition Deployment Guide.
- IVR Connector handles logging of attached data on T-Library events and messages using standard T-Server configuration as described in T-Server-specific documentation. However, to avoid logging attached data in XML messages within the XML interface, use the hide-xml-udata configuration option as described in IVR Connector-specific documentation.
- Genesys Voice Platform (GVP) supports hiding Voice XML (VXML) variables by using PRIVATE variables. For more information, refer to GVP documentation.
Feature Description
This feature enables you to hide selected KV pairs in the User Data, Extensions, and Reasons attributes of log messages generated by a Genesys component. You can choose to hide just the value itself by replacing it with a series of asterisks (*), or you can remove the whole KV pair from the log output.
Starting in release 8.0, you can also hide only part of the value in a particular KV pair. This provides the intended security, but with enough data to use for tracking field values, if necessary.
Starting in release 8.1, you can mark the selected KV pairs with specific characters (called tags), which enable downstream applications to parse the log message and hide the marked data. Default tags are provided (<# for a prefix and #> for a postfix), and you can define your own custom tags of up to 16 characters, if required.
Feature Configuration
This section describes how to configure this feature, along with some examples of hiding data in the different ways made possible by the feature. For detailed descriptions of the configuration options used to configure this feature, refer to the Framework Configuration Options Reference Manual.
This feature can be used to hide information in the User Data, Extensions, and Reasons attributes of the log. The implementation is the same for all three attributes.
This feature is implemented by defining the following configuration options in the server Application object:
- default-filter-type in the [log-filter] section defines the treatment for all KV pairs in the User Data, Extensions, and Reasons attributes. This setting applies to every KV pair in these attributes except those that are explicitly defined in the [log-filter-data] section.
- One or more <key-name> options in the [log-filter-data] section define the treatment for specific keys in the log, overriding the default treatment specified by default-filter-type. If no value is specified for this option, no additional processing of this data element is performed.
The default settings of the options enable all data to be visible in the log.
Examples
This section provides examples of using the options to define settings (default-filter-type) for the entire log, and settings (<kv-pair>) specific to a KV pair. For simplicity, the examples show only the use of the feature to hide information in the User Data attribute.
Default Settings
This example uses the default settings. Note that all data is visible in the log.
[log-filter]
default-filter-type=copy
message RequestSetCallInfo
AttributeConsultType 3
AttributeOriginalConnID 008b012ece62c8be
AttributeUpdateRevision 2752651
AttributeUserData [111] 00 27 01 00
'DNIS' '8410'
'PASSWORD' '111111111'
'RECORD_ID' '8313427'
AttributeConnID 008b012ece62c922
Masking Partial Values
This example replaces the first three characters of every key value with three asterisks (***).
[log-filter]
default-filter-type=hide-first,3
message RequestSetCallInfo
AttributeConsultType 3
AttributeOriginalConnID 008b012ece62c8be
AttributeUpdateRevision 2752651
AttributeUserData [111] 00 27 01 00
'DNIS' '***0'
'PASSWORD' '***111111'
'RECORD_ID' '***3427'
AttributeConnID 008b012ece62c922
Using Default Tags
This example uses the default tags <# and #>. Note that all KV pairs in the User Data attribute are identically tagged.
[log-filter]
default-filter-type=tag()
message RequestSetCallInfo
AttributeConsultType 3
AttributeOriginalConnID 008b012ece62c8be
AttributeUpdateRevision 2752651
AttributeUserData [111] 00 27 01 00
'DNIS' <#'8410'#>
'PASSWORD' <#'111111111'#>
'RECORD_ID' <#'8313427'#>
AttributeConnID 008b012ece62c922
Using User-defined Tags for All Attributes
This example uses the user-defined tags <** and **>. Note that all KV pairs in the User Data attribute are identically tagged.
[log-filter]
default-filter-type=tag(<**,**>)
message RequestSetCallInfo
AttributeConsultType 3
AttributeOriginalConnID 008b012ece62c8be
AttributeUpdateRevision 2752651
AttributeUserData [111] 00 27 01 00
'DNIS' <**'8410'**>
'PASSWORD' <**'111111111'**>
'RECORD_ID' <**'8313427'**>
AttributeConnID 008b012ece62c922
Masking Individual Values in Selected KV Pairs
This example replaces the value of the PASSWORD key with a series of asterisks (****).
[log-filter-data]
PASSWORD=hide
message RequestSetCallInfo
AttributeConsultType 3
AttributeOriginalConnID 008b012ece62c8be
AttributeUpdateRevision 2752651
AttributeUserData [111] 00 27 01 00
'DNIS' '8410'
'PASSWORD' '****'
'RECORD_ID' '8313427'
AttributeConnID 008b012ece62c922
Masking Partial Values in Selected KV Pairs
This example replaces all but the last five characters of the value of the PASSWORD key with a series of asterisks (****).
[log-filter-data]
PASSWORD=unhide-last,5
message RequestSetCallInfo
AttributeConsultType 3
AttributeOriginalConnID 008b012ece62c8be
AttributeUpdateRevision 2752651
AttributeUserData [111] 00 27 01 00
'DNIS' '8410'
'PASSWORD' '****11111'
'RECORD_ID' '8313427'
AttributeConnID 008b012ece62c922
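A check to run before a log leaves your control, as described under Security Benefits; this is an added example, not part of the Genesys documentation. It reports sensitive keys whose values are still readable. The function name find_exposed, the choice of sensitive keys, and the rule that a masked value contains at least one asterisk are assumptions, and the sample log is constructed from the examples on this page.

```python
import re

# One KV line of an attribute dump: 'KEY' followed by the (possibly tagged) value.
KV_LINE = re.compile(r"^\s*'(?P<key>[^']+)'\s+(?P<rest>.+)$")
QUOTED = re.compile(r"'([^']*)'")

def find_exposed(log_text, sensitive_keys):
    """Return (line_no, key, state) for sensitive keys whose value is readable.

    state is "clear" for an untouched value and "tagged" for a value that is
    wrapped in tags but has not been scrubbed yet. The value itself is never
    returned, so the report can be shared without repeating the secret.
    """
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = KV_LINE.match(line)
        if not m or m.group("key") not in sensitive_keys:
            continue
        rest = m.group("rest")
        v = QUOTED.search(rest)
        # Assumption: any masked value contains at least one asterisk.
        if v is None or not v.group(1) or "*" in v.group(1):
            continue
        state = "clear" if rest.startswith("'") else "tagged"
        findings.append((line_no, m.group("key"), state))
    return findings

# Constructed sample: the first message is filtered with unhide-last,5 on
# PASSWORD, the second has PASSWORD unfiltered and RECORD_ID only tagged.
SAMPLE_LOG = """\
message RequestSetCallInfo
AttributeUserData [111] 00 27 01 00
'DNIS' '8410'
'PASSWORD' '****11111'
'RECORD_ID' '8313427'
message RequestSetCallInfo
AttributeUserData [111] 00 27 01 00
'DNIS' '8410'
'PASSWORD' '111111111'
'RECORD_ID' <#'8313427'#>
"""

if __name__ == "__main__":
    for finding in find_exposed(SAMPLE_LOG, {"PASSWORD", "RECORD_ID"}):
        print(finding)
```

A tagged value is reported because tagging only marks the data; it stays readable until a downstream application hides it.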
Tagging Specific KV Pairs with Default Tags
This example tags the value of the PASSWORD key with the default tags <# and #>. Note that the values of the other keys are not tagged.
[log-filter-data]
PASSWORD=tag()
message RequestSetCallInfo
AttributeConsultType 3
AttributeOriginalConnID 008b012ece62c8be
AttributeUpdateRevision 2752651
AttributeUserData [111] 00 27 01 00
'DNIS' '8410'
'PASSWORD' <#'1234'#>
'RECORD_ID' '8313427'
AttributeConnID 008b012ece62c922
Tagging Specific KV Pairs with User-defined Tags
This example tags the value of the PASSWORD key with the user-defined tags <!-- and -->. Note that the values of the other keys are not tagged.
[log-filter-data]
PASSWORD=tag(<!--,-->)
message RequestSetCallInfo
AttributeConsultType 3
AttributeOriginalConnID 008b012ece62c8be
AttributeUpdateRevision 2752651
AttributeUserData [111] 00 27 01 00
'DNIS' '8410'
'PASSWORD' <!--'1234'-->
'RECORD_ID' '8313427'
AttributeConnID 008b012ece62c922
Tagging Individual KV Pairs with Different Tags
This example tags the value of the PASSWORD key with user-defined tags <!-- and -->, and the value of the RECORD_ID key with default tags <# and #>. Note that the values of the other keys are not tagged.
[log-filter-data]
PASSWORD=tag(<!--,-->)
RECORD_ID=tag()
message RequestSetCallInfo
AttributeConsultType 3
AttributeOriginalConnID 008b012ece62c8be
AttributeUpdateRevision 2752651
AttributeUserData [111] 00 27 01 00
'DNIS' '8410'
'PASSWORD' <!--'1234'-->
'RECORD_ID' <#'8313427'#>
AttributeConnID 008b012ece62c922
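The tagging examples above leave the marked values readable; hiding them is the job of the downstream application mentioned in the Feature Description. The following is an added example of such a scrubber, not code from Genesys. The names build_scrubber and TAGGED_LOG, the replacement mask, and the reading of the 16-character limit as applying to each tag separately are assumptions; the sample log is constructed from the last example.

```python
import re

DEFAULT_TAGS = ("<#", "#>")  # default prefix and postfix named on this page

def build_scrubber(tag_pairs=(DEFAULT_TAGS,), mask="'****'"):
    """Return scrub(text) -> (clean_text, replaced_count) for the given tag pairs."""
    # Longest prefix first, so a short tag cannot shadow a longer one.
    pairs = sorted(tag_pairs, key=lambda p: len(p[0]), reverse=True)
    for prefix, postfix in pairs:
        # Assumption: the 16-character limit applies to each tag separately.
        if not 0 < len(prefix) <= 16 or not 0 < len(postfix) <= 16:
            raise ValueError(f"tag length must be 1-16: {prefix!r} {postfix!r}")
    # Non-greedy match, so two tagged values on one line are masked separately.
    pattern = re.compile("|".join(
        re.escape(a) + ".*?" + re.escape(b) for a, b in pairs))

    def scrub(text):
        clean, count = pattern.subn(mask, text)
        # Fail closed: a prefix left behind means a tagged value was truncated
        # or split across lines and is still readable.
        for prefix, _ in pairs:
            if prefix in clean:
                raise ValueError(f"unterminated tag {prefix!r}; refusing to emit")
        return clean, count

    return scrub

# Constructed sample matching PASSWORD=tag(<!--,-->) and RECORD_ID=tag().
TAGGED_LOG = """\
AttributeUserData [111] 00 27 01 00
'DNIS' '8410'
'PASSWORD' <!--'1234'-->
'RECORD_ID' <#'8313427'#>
"""

if __name__ == "__main__":
    scrub = build_scrubber([("<!--", "-->"), DEFAULT_TAGS])
    clean, count = scrub(TAGGED_LOG)
    print(clean, f"{count} value(s) masked")
```

The scrubber must be given the same tag pairs that are configured in [log-filter] and [log-filter-data]; a value wrapped in a tag pair it does not know about passes through unchanged.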