Masking certain fields in SIP logs

Asterisk Asterisk SIP
1

I am logging SIP log messages to a file. I want to know if there is a setting/config which can get me to mask certain fields in the SIP messages. For e.g for SIP INVITE
[Jan 11 15:48:39] VERBOSE[11858] res_pjsip_logger.c: <— Transmitting SIP request (1199 bytes) to UDP:81.81.89.89:5060 —>
INVITE sip:+123456789@81.201.89.110:5060 SIP/2.0
Via: SIP/2.0/UDP 44.44.44.1:5060;rport;branch=z9hG4bKPj42bdc213-c1d8-4370-8541-36e2b29bc224
From: “Prove” sip:4969945189832@44.44.44.1;tag=1cdd1eb2-23ce-4631-8a68-d63802dc9660
To: sip:+123456789@81.81.89.89
Contact: sip:asterisk@44.44.44.1:5060
Call-ID: b57cff93-aaaaa-bbbbb-cccccc
CSeq: 1259 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, replaces, norefersub, histinfo
Teid: b57cff93-aaaaa-bbbbb-cccccc
Max-Forwards: 70
User-Agent: Prod-Asterisk
Content-Type: application/sdp
Content-Length: 205
v=0
o=- 1102530521 1102530521 IN IP4 44.241.229.1
s=Asterisk
c=IN IP4 44.241.229.1
t=0 0
m=audio 13538 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=ptime:20
a=maxptime:150
a=sendrecv

I want to mask the TO number field and the INVITE to the end user phone number to ******* i.e
This
[Jan 11 15:48:39] VERBOSE[11858] res_pjsip_logger.c: <— Transmitting SIP request (1199 bytes) to UDP:81.81.89.89:5060 —>
INVITE sip:+123456789@81.81.89.89:5060 SIP/2.0
Via: SIP/2.0/UDP 44.44.44.1:5060;rport;branch=z9hG4bKPj42bdc213-c1d8-4370-8541-36e2b29bc224
From: “Prove” sip:9876543212@44.44.44.1;tag=1cdd1eb2-23ce-4631-8a68-d63802dc9660
To: sip:+123456789@81.81.81.81

Becomes
[Jan 11 15:48:39] VERBOSE[11858] res_pjsip_logger.c: <— Transmitting SIP request (1199 bytes) to UDP:81.81.89.89:5060 —>
INVITE sip:***************@81.81.89.89:5060 SIP/2.0
Via: SIP/2.0/UDP 44.44.44.1:5060;rport;branch=z9hG4bKPj42bdc213-c1d8-4370-8541-36e2b29bc224
From: “Prove” sip:9876543212@44.44.44.1;tag=1cdd1eb2-23ce-4631-8a68-d63802dc9660
To: sip:+************@81.81.81.81

Phone number has become sensitive data for us and we either do not log that part or mark it as ************

Thank You

2

No. They are diagnostic information, so the system is going to get them out as simply as possible. If you need a particular logging level, but want it redacted on the fly, I’d suggest logging to syslog and setting up syslog to pipe it through a filter.

3

Use Linux scripting like Sed Regex Replace

4

Thank you david551 and ambiorixg12. Seems like that is the only way to do it.

Regards

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.