Re: [asterisk-users] Patch to remove numbers from the logs
On Wed, Jul 21, 2021 at 8:18 PM Steve Edwards wrote: > Please don't top-post. > > On Thu, 22 Jul 2021, Patrick Wakano wrote: > > > If you need something quick you could create a batch script with sed or > > awk to remove the log lines you want and attach it to the prerotate > > script of logrotate (in case you use any of these in your env). > > Certainly this is not a final solution but it is already something that > > doesn't depend on an asterisk patch. > > > > On Thu, Jul 8, 2021 at 3:58 PM Dovid Bender wrote: > > > > We have a project where people will be making payments over the phone. I > > would like block Asterisk from logging any time the system is processing > > a card. So be it SayDigits(123456789), when the user enters DTMF or when > > I pass a card number as a variable to an AGI etc. I assume this affects > > others and I would like to have the patch created in a way that a. will > > be accepted by Sangoma and b. will work for anyone else that has this > > issue. > > I suspect the concern is having credit card numbers anywhere on disk, > anytime. > > Your post suggests an alternative method that may be workable... > > rsyslog has a module, 'omprog' -- "This module permits to integrate > arbitrary external programs into rsyslog's logging" > > I've never used it, but the description implies you could configure > Asterisk to log to syslog, and then use rsyslog+omprog to pipe the > messages through a script to filter out '16 digit numbers starting with > 456' or '15 digit numbers starting with 3.' > > I thought about that. The issue that I have is say with for example "Playing 'digits/3.ulaw'" in the logs. It can be a credit card number OR it could be telling them how much money they are paying. If the latter I want to keep it. If it's repeating a credit card I don't. > Way back in the day (before PCI), we used to keep the first 6 digits (the > BIN) and the last 4 digits and replace the rest with x. We used to call > the result a 'span.' I have no idea if this is current practice. > > -- > Thanks in advance, > - > Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST > https://www.linkedin.com/in/steve-edwards-4244281-- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Patch to remove numbers from the logs
Please don't top-post. On Thu, 22 Jul 2021, Patrick Wakano wrote: If you need something quick you could create a batch script with sed or awk to remove the log lines you want and attach it to the prerotate script of logrotate (in case you use any of these in your env). Certainly this is not a final solution but it is already something that doesn't depend on an asterisk patch. On Thu, Jul 8, 2021 at 3:58 PM Dovid Bender wrote: We have a project where people will be making payments over the phone. I would like block Asterisk from logging any time the system is processing a card. So be it SayDigits(123456789), when the user enters DTMF or when I pass a card number as a variable to an AGI etc. I assume this affects others and I would like to have the patch created in a way that a. will be accepted by Sangoma and b. will work for anyone else that has this issue. I suspect the concern is having credit card numbers anywhere on disk, anytime. Your post suggests an alternative method that may be workable... rsyslog has a module, 'omprog' -- "This module permits to integrate arbitrary external programs into rsyslog's logging" I've never used it, but the description implies you could configure Asterisk to log to syslog, and then use rsyslog+omprog to pipe the messages through a script to filter out '16 digit numbers starting with 456' or '15 digit numbers starting with 3.' Way back in the day (before PCI), we used to keep the first 6 digits (the BIN) and the last 4 digits and replace the rest with x. We used to call the result a 'span.' I have no idea if this is current practice. -- Thanks in advance, - Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST https://www.linkedin.com/in/steve-edwards-4244281-- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Patch to remove numbers from the logs
If you need something quick you could create a batch script with sed or awk
to remove the log lines you want and attach it to the prerotate script of
logrotate (in case you use any of these in your env). Certainly this is not
a final solution but it is already something that doesn't depend on an
asterisk patch.
On Sat, 10 Jul 2021 at 01:13, Dovid Bender wrote:
>
>
> On Fri, Jul 9, 2021 at 10:49 AM George Joseph wrote:
>
>>
>>
>> On Thu, Jul 8, 2021 at 3:58 PM Dovid Bender wrote:
>>
>>> Hi,
>>>
>>> We have a project where people will be making payments over the phone. I
>>> would like block Asterisk from logging any time the system is processing a
>>> card. So be it SayDigits(123456789), when the user enters DTMF or when I
>>> pass a card number as a variable to an AGI etc. I assume this affects
>>> others and I would like to have the patch created in a way that a. will be
>>> accepted by Sangoma and b. will work for anyone else that has this issue.
>>>
>>
>> Are you talking strictly about normal messages generated by the dialplan
>> or all messages, even warnings, errors, etc generated internally?
>>
>> Mainly verbose messages (so no warnings, errors etc.)
>
>>
>>
>>> My idea was to have a channel variable
>>> for exampleSet(CHANNEL(LOG_DIGITS)=OFF) and then have ast_logger check to
>>> see if the variable is set.
>>>
>>
>> Would you need to do this on a channel-by-channel basis or could you set
>> a global variable?
>>
> Because we would want to enable and disable it. Meaning we want all the
> logging on in general however at certain times where there is sensitive
> information we would not want it logged
>
>>
>>
>>> The problem I faced that wherever the logger is called a string is
>>> passed. So any digits (e.g. channel ID, thread ID etc.) would have the
>>> digits removed which I assume would hurt people. My solution was to have a
>>> configuration file where you would put in regex strings that we would
>>> replace. For instance if I set LOG_DIGITS=OFF and in the Dialplan I had
>>> CARD=4111
>>> EXP_MOTH=12
>>> EXP_YEAR=2025
>>>
>>
>> Are those variables set on the channel?
>>
> Yes they are. For instance Exten => _XX,1,Set(Month=${EXTEN})
>
>>
>>
>>>
>>> In the configuration file I would have
>>> CARD=([0-9]{15,16})
>>> EXP_MONTH=([1-2]?[0-9])
>>> EXP_YEAR=(202[5-9])
>>>
>>
>> I'd skip the config file and make teh regexes global dialplan variables.
>>
> But then how would you have multiple? Have the strings comma delimited or
> one large string (e.g.
> CARD=([0-9]{15,16})|EXP_MONTH=([1-2]?[0-9])|EXP_YEAR=(202[5-9])). One
> possible is the limit of a line in Asterisk if I recall correctly, was 256
> characters.
>
>>
>>
>>> The system would then look for any of the above expressions and then
>>> replace the numbers with an X. Does that seem like a patch that would get
>>> accepted? is that completely in left field? Any thoughts on a better way of
>>> doing it? I know I can change the verbosity to 0 but then I would get
>>> nothing at all in the logs.
>>>
>>> TIA.
>>>
>>> Dovid
>>>
>>> --
>>> _
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>
>>> Check out the new Asterisk community forum at:
>>> https://community.asterisk.org/
>>>
>>> New to Asterisk? Start here:
>>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>>
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> Check out the new Asterisk community forum at:
>> https://community.asterisk.org/
>>
>> New to Asterisk? Start here:
>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Patch to remove numbers from the logs
On Fri, Jul 9, 2021 at 10:49 AM George Joseph wrote:
>
>
> On Thu, Jul 8, 2021 at 3:58 PM Dovid Bender wrote:
>
>> Hi,
>>
>> We have a project where people will be making payments over the phone. I
>> would like block Asterisk from logging any time the system is processing a
>> card. So be it SayDigits(123456789), when the user enters DTMF or when I
>> pass a card number as a variable to an AGI etc. I assume this affects
>> others and I would like to have the patch created in a way that a. will be
>> accepted by Sangoma and b. will work for anyone else that has this issue.
>>
>
> Are you talking strictly about normal messages generated by the dialplan
> or all messages, even warnings, errors, etc generated internally?
>
> Mainly verbose messages (so no warnings, errors etc.)
>
>
>> My idea was to have a channel variable
>> for exampleSet(CHANNEL(LOG_DIGITS)=OFF) and then have ast_logger check to
>> see if the variable is set.
>>
>
> Would you need to do this on a channel-by-channel basis or could you set a
> global variable?
>
Because we would want to enable and disable it. Meaning we want all the
logging on in general however at certain times where there is sensitive
information we would not want it logged
>
>
>> The problem I faced that wherever the logger is called a string is
>> passed. So any digits (e.g. channel ID, thread ID etc.) would have the
>> digits removed which I assume would hurt people. My solution was to have a
>> configuration file where you would put in regex strings that we would
>> replace. For instance if I set LOG_DIGITS=OFF and in the Dialplan I had
>> CARD=4111
>> EXP_MOTH=12
>> EXP_YEAR=2025
>>
>
> Are those variables set on the channel?
>
Yes they are. For instance Exten => _XX,1,Set(Month=${EXTEN})
>
>
>>
>> In the configuration file I would have
>> CARD=([0-9]{15,16})
>> EXP_MONTH=([1-2]?[0-9])
>> EXP_YEAR=(202[5-9])
>>
>
> I'd skip the config file and make teh regexes global dialplan variables.
>
But then how would you have multiple? Have the strings comma delimited or
one large string (e.g.
CARD=([0-9]{15,16})|EXP_MONTH=([1-2]?[0-9])|EXP_YEAR=(202[5-9])). One
possible is the limit of a line in Asterisk if I recall correctly, was 256
characters.
>
>
>> The system would then look for any of the above expressions and then
>> replace the numbers with an X. Does that seem like a patch that would get
>> accepted? is that completely in left field? Any thoughts on a better way of
>> doing it? I know I can change the verbosity to 0 but then I would get
>> nothing at all in the logs.
>>
>> TIA.
>>
>> Dovid
>>
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> Check out the new Asterisk community forum at:
>> https://community.asterisk.org/
>>
>> New to Asterisk? Start here:
>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Patch to remove numbers from the logs
On Thu, Jul 8, 2021 at 3:58 PM Dovid Bender wrote:
> Hi,
>
> We have a project where people will be making payments over the phone. I
> would like block Asterisk from logging any time the system is processing a
> card. So be it SayDigits(123456789), when the user enters DTMF or when I
> pass a card number as a variable to an AGI etc. I assume this affects
> others and I would like to have the patch created in a way that a. will be
> accepted by Sangoma and b. will work for anyone else that has this issue.
>
Are you talking strictly about normal messages generated by the dialplan or
all messages, even warnings, errors, etc generated internally?
> My idea was to have a channel variable
> for exampleSet(CHANNEL(LOG_DIGITS)=OFF) and then have ast_logger check to
> see if the variable is set.
>
Would you need to do this on a channel-by-channel basis or could you set a
global variable?
> The problem I faced that wherever the logger is called a string is passed.
> So any digits (e.g. channel ID, thread ID etc.) would have the digits
> removed which I assume would hurt people. My solution was to have a
> configuration file where you would put in regex strings that we would
> replace. For instance if I set LOG_DIGITS=OFF and in the Dialplan I had
> CARD=4111
> EXP_MOTH=12
> EXP_YEAR=2025
>
Are those variables set on the channel?
>
> In the configuration file I would have
> CARD=([0-9]{15,16})
> EXP_MONTH=([1-2]?[0-9])
> EXP_YEAR=(202[5-9])
>
I'd skip the config file and make teh regexes global dialplan variables.
> The system would then look for any of the above expressions and then
> replace the numbers with an X. Does that seem like a patch that would get
> accepted? is that completely in left field? Any thoughts on a better way of
> doing it? I know I can change the verbosity to 0 but then I would get
> nothing at all in the logs.
>
> TIA.
>
> Dovid
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Patch to remove numbers from the logs
Hi,
We have a project where people will be making payments over the phone. I
would like block Asterisk from logging any time the system is processing a
card. So be it SayDigits(123456789), when the user enters DTMF or when I
pass a card number as a variable to an AGI etc. I assume this affects
others and I would like to have the patch created in a way that a. will be
accepted by Sangoma and b. will work for anyone else that has this issue.
My idea was to have a channel variable
for exampleSet(CHANNEL(LOG_DIGITS)=OFF) and then have ast_logger check to
see if the variable is set. The problem I faced that wherever the logger is
called a string is passed. So any digits (e.g. channel ID, thread ID etc.)
would have the digits removed which I assume would hurt people. My solution
was to have a configuration file where you would put in regex strings that
we would replace. For instance if I set LOG_DIGITS=OFF and in the Dialplan
I had
CARD=4111
EXP_MOTH=12
EXP_YEAR=2025
In the configuration file I would have
CARD=([0-9]{15,16})
EXP_MONTH=([1-2]?[0-9])
EXP_YEAR=(202[5-9])
The system would then look for any of the above expressions and then
replace the numbers with an X. Does that seem like a patch that would get
accepted? is that completely in left field? Any thoughts on a better way of
doing it? I know I can change the verbosity to 0 but then I would get
nothing at all in the logs.
TIA.
Dovid
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
