Masking PII from Syslog Files using PII Log Scrubber Tool

You can use the AudioCodes PII Log Scrubber tool (Python script) to remove (mask) all personally identifiable information (PII) from syslog files created by the device. You can run the tool on any laptop, PC, or server that has Python 3 installed.

A summary of the PII that the tool scrubs (masks) is listed below. For a full list, refer to the history.txt file that is downloaded with the tool (see procedure below).

IP addresses
SIP URIs - hostnames, numbers, and display names
urn:uuid
Hostnames in Host header
Usernames in Authentication header
MAC addresses
Registration logs - AOR, URI, user-part, XML elements phoneNumber / extension / alias
tel: URIs

The tool replaces IP addresses with "0.0.0.0", user parts with "USER", host parts with "HOST", authentication usernames with "USERNAME", numbers with "NUM", AORs with "VALUE", and MACs with "MAC". An example of a scrubbed syslog file is shown below with some of these masks (scrubbed data highlighted in yellow):

08:47:51.971 0.0.0.0

local3.notice [S=2850846] [SID=f124e3:49:83278] (N 1062346) ---- Outgoing SIP Message to 0.0.0.0:61694 from SIPInterface #0 (IPP) TLS TO(#0) SocketID(2669) ---- [Time:09-05@08:47:51.214]

08:47:51.971 0.0.0.0

local3.notice [S=2850847] [SID=f124e3:49:83278] SIP/2.0 200 OK

Via: SIP/2.0/TLS 0.0.0.0:61694;branch=z9hG4bK64e15480A617E7F9

From: NAME sip:NUM@HOST;tag=8CD3F3E0-11A66CD9

To: sip:NUM@HOST;tag=1c2029910788

Call-ID: a916eeaec1214e3192dfcb30976b34b9

CSeq: 304 REGISTER

Contact: sip:NUM@HOST:61694;transport=tls;expires=60; methods="INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE, SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER"

Expires: 60

Content-Length: 0

[Time:09-05@08:47:51.214]

To remove PII using PII Log Scrubber:
1. Make sure that you have Python 3 installed on your computer. For instructions on installing Python, got to https://www.python.org/downloads.
2. Download the PII Log Scrubber tool from https://tools.audiocodes.com/install.
3. Locate the PII Log Scrubber tool in the same folder in which the syslog file that you want to mask is located, and then run the Python script from the command line:
<Directory and folder> python log_scrub.py <syslog filename> <new masked syslog filename>