Masking certain fields in SIP logs

I am logging SIP log messages to a file. I want to know if there is a setting/config which can get me to mask certain fields in the SIP messages. For e.g for SIP INVITE
[Jan 11 15:48:39] VERBOSE[11858] res_pjsip_logger.c: <— Transmitting SIP request (1199 bytes) to UDP:81.81.89.89:5060 —>
INVITE sip:+123456789@81.201.89.110:5060 SIP/2.0
Via: SIP/2.0/UDP 44.44.44.1:5060;rport;branch=z9hG4bKPj42bdc213-c1d8-4370-8541-36e2b29bc224
From: “Prove” sip:4969945189832@44.44.44.1;tag=1cdd1eb2-23ce-4631-8a68-d63802dc9660
To: sip:+123456789@81.81.89.89
Contact: sip:asterisk@44.44.44.1:5060
Call-ID: b57cff93-aaaaa-bbbbb-cccccc
CSeq: 1259 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, replaces, norefersub, histinfo
Teid: b57cff93-aaaaa-bbbbb-cccccc
Max-Forwards: 70
User-Agent: Prod-Asterisk
Content-Type: application/sdp
Content-Length: 205
v=0
o=- 1102530521 1102530521 IN IP4 44.241.229.1
s=Asterisk
c=IN IP4 44.241.229.1
t=0 0
m=audio 13538 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=ptime:20
a=maxptime:150
a=sendrecv

I want to mask the TO number field and the INVITE to the end user phone number to ******* i.e
This
[Jan 11 15:48:39] VERBOSE[11858] res_pjsip_logger.c: <— Transmitting SIP request (1199 bytes) to UDP:81.81.89.89:5060 —>
INVITE sip:+123456789@81.81.89.89:5060 SIP/2.0
Via: SIP/2.0/UDP 44.44.44.1:5060;rport;branch=z9hG4bKPj42bdc213-c1d8-4370-8541-36e2b29bc224
From: “Prove” sip:9876543212@44.44.44.1;tag=1cdd1eb2-23ce-4631-8a68-d63802dc9660
To: sip:+123456789@81.81.81.81

Becomes
[Jan 11 15:48:39] VERBOSE[11858] res_pjsip_logger.c: <— Transmitting SIP request (1199 bytes) to UDP:81.81.89.89:5060 —>
INVITE sip:***************@81.81.89.89:5060 SIP/2.0
Via: SIP/2.0/UDP 44.44.44.1:5060;rport;branch=z9hG4bKPj42bdc213-c1d8-4370-8541-36e2b29bc224
From: “Prove” sip:9876543212@44.44.44.1;tag=1cdd1eb2-23ce-4631-8a68-d63802dc9660
To: sip:+************@81.81.81.81

Phone number has become sensitive data for us and we either do not log that part or mark it as ************

Thank You

No. They are diagnostic information, so the system is going to get them out as simply as possible. If you need a particular logging level, but want it redacted on the fly, I’d suggest logging to syslog and setting up syslog to pipe it through a filter.

Use Linux scripting like Sed Regex Replace

Thank you david551 and ambiorixg12. Seems like that is the only way to do it.

Regards

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.