Hiding Selected Data in Logs

This feature implements a Genesys standard detailed in the Genesys Security Deployment Guide. It enables you to hide selected key/value pairs in the Parameters and UserData attributes of log messages generated by UCS. You can choose to hide just the value itself by replacing it with a series of asterisks (*), or you can remove the whole key/value pair from the log output.

  1. Passwords are automatically hidden in UCS logs.
  2. Hiding selected data in logs works only for requests/responses transiting via ESP ports (that is, ports having no connection protocol specified in the Server tab of the application in configuration management). For requests/responses transiting via HTTP ports, the whole content must be hidden using the option log-http in the [log] section.

Configuring [log-filter] and [log-filter-data] sections

This feature is implemented by defining the following configuration options in the UCS cluster Application object or the individual UCS Application object:

  • default-filter-type in the [log-filter] section defines the treatment for all KV pairs in the Parameters and UserData attributes.
    • This setting is applied to all KVList pairs in these attributes except those whose keys are explicitly defined in the [log-filter-data] section.
  • One or more <key-name> options in the [log-filter-data] section define the treatment for specific keys in the log, overriding the default treatment specified by default-filter-type.
    • If no value is specified for this option, no additional processing of this data element is performed.
The default settings of the options enable all data to be visible in the log.

You can get additional implementation samples in the Genesys Security Deployment Guide. For detailed descriptions of the configuration options used to configure this feature, refer to the Framework Configuration Options Reference Manual.

Supported Filters

custom-filter options are not supported.
Filter Name   Description
copy          The keys and values of the KVList pairs are copied to the log.
hide          The keys of the KVList pairs are copied to the log; the values are replaced with strings of asterisks.
skip          The KVList pairs are not copied to the log.
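
The following Python sketch is an added illustration, not Genesys code. It models how default-filter-type and per-key [log-filter-data] options combine, using a hide-by-default policy with explicit copy exceptions. The key names, sample data, INI-style layout and four-asterisk mask are constructed, and treating an option with no value as "no per-key treatment" is an assumption about the sentence on empty values above.

```python
import configparser

# Constructed option values in INI form for illustration; in a deployment they
# are set as options on the UCS (or UCS cluster) Application object.
SAMPLE_OPTIONS = """
[log-filter]
default-filter-type = hide

[log-filter-data]
InteractionType = copy
SessionToken = skip
"""

SUPPORTED = {"copy", "hide", "skip"}  # custom-filter options are not supported
MASK = "****"  # assumption: the page only says "a series of asterisks"

def load_filters(text):
    """Return (default_filter, {key_name: filter}) from the two sections."""
    cp = configparser.ConfigParser()
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(text)
    # Defaults leave all data visible, modelled here as "copy".
    default = cp.get("log-filter", "default-filter-type", fallback="copy")
    section = cp["log-filter-data"] if cp.has_section("log-filter-data") else {}
    # Assumption: an option with no value adds no per-key treatment.
    per_key = {k: v for k, v in section.items() if v}
    for name, value in [("default-filter-type", default), *per_key.items()]:
        if value not in SUPPORTED:
            raise ValueError(f"unsupported filter {value!r} for {name}")
    return default, per_key

def filter_kvlist(pairs, default, per_key):
    """Apply copy/hide/skip to one Parameters or UserData KV list."""
    out = {}
    for key, value in pairs.items():
        action = per_key.get(key, default)  # explicit key overrides the default
        if action == "copy":
            out[key] = value
        elif action == "hide":
            out[key] = MASK
        # "skip": the pair is left out of the log entirely
    return out

# Constructed UserData for the demonstration.
USER_DATA = {"InteractionType": "chat", "CardNumber": "4111111111111111",
             "SessionToken": "abc123", "CustomerNote": "call back at 5"}

if __name__ == "__main__":
    print(filter_kvlist(USER_DATA, *load_filters(SAMPLE_OPTIONS)))
```

With hide as the default, a key that nobody anticipated (CustomerNote here) is masked rather than logged in clear, which is the behaviour a copy default with a hide list cannot give.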
