Masking PII from Syslog Files using PII Log Scrubber Tool
You can use the
A summary of the PII that the tool scrubs (masks) is listed below. For a full list, refer to the history.txt file that is downloaded with the tool (see procedure below).
■ | IP addresses |
■ | SIP URIs - hostnames, numbers, and display names |
■ | urn:uuid |
■ | Hostnames in Host header |
■ | Usernames in Authentication header |
■ | MAC addresses |
■ | Registration logs - AOR, URI, user-part, XML elements phoneNumber / extension / alias |
■ | tel: URIs |
The tool replaces IP addresses with "0.0.0.0", user parts with "USER", host parts with "HOST", authentication usernames with "USERNAME", numbers with "NUM", AORs with "VALUE", and MACs with "MAC". An example of a scrubbed syslog file is shown below with some of these masks (scrubbed data highlighted in yellow):
08:47:51.971 0.0.0.0 |
local3.notice [S=2850846] [SID=f124e3:49:83278] (N 1062346) ---- Outgoing SIP Message to 0.0.0.0:61694 from SIPInterface #0 (IPP) TLS TO(#0) SocketID(2669) ---- [Time:09-05@08:47:51.214] |
08:47:51.971 0.0.0.0 |
local3.notice [S=2850847] [SID=f124e3:49:83278] SIP/2.0 200 OK |
Via: SIP/2.0/TLS 0.0.0.0:61694;branch=z9hG4bK64e15480A617E7F9 |
|
From: NAME sip:NUM@HOST;tag=8CD3F3E0-11A66CD9 |
|
To: sip:NUM@HOST;tag=1c2029910788 |
|
Call-ID: a916eeaec1214e3192dfcb30976b34b9 |
|
CSeq: 304 REGISTER |
|
Contact: sip:NUM@HOST:61694;transport=tls;expires=60; methods="INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE, SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER" |
|
Expires: 60 |
|
Content-Length: 0 |
|
[Time:09-05@08:47:51.214] |
➢ | To remove PII using PII Log Scrubber: |
1. | Make sure that you have Python 3 installed on your computer. For instructions on installing Python, got to https://www.python.org/downloads. |
2. | Download the PII Log Scrubber tool from https://tools.audiocodes.com/install. |
3. | Locate the PII Log Scrubber tool in the same folder in which the syslog file that you want to mask is located, and then run the Python script from the command line: |
<Directory and folder> python log_scrub.py <syslog filename> <new masked syslog filename>