[Freeswitch-users] Per-channel fsctl loglevel?

Michael Collins msc at freeswitch.org
Thu May 31 00:18:46 MSD 2012


How are you protecting everything else? If the XML CDR is sent over HTTP
instead of HTTPS then everything about the call is plain text. And what
about the FS logs? Are you encrypting those somehow? It seems to me that
you need a more comprehensive solution than just scrubbing a single channel
variable.

However, if you need an interim solution I would suggest commenting out the
line that sets digits_dialed:
http://fisheye.freeswitch.org/browse/freeswitch.git/src/switch_channel.c?r=HEAD#to3912

A more permanent solution might be to create a channel variable that
controls whether stuff like this gets logged. Something like
"no_dtmf_logging=true" or whatever. That's a bit more involved because you
have to decide if there are other places where DTMF info gets logged and if
so, decide whether or not you want not to log them.

What would be the ideal solution for your scenario? That answer might yield
the best course of action.
-MC

On Wed, May 30, 2012 at 11:20 AM, Avi Marcus <avi at avimarcus.net> wrote:

> The PCI-DSS (Payment Card Industry Data Security Standard) requires
> encryption, not merely permission restriction, for sensitive data. Hence
> I'm looking at the DTMF logging which can probably be easily re-patterned
> back into the digits, the curl POST which also shows everything in the log,
> the dialed_digits in a standard xml_cdr..
> Otherwise, afaik, lua won't log things unless you explicitly tell it to.
>
> Any suggestions other than setting the entire switch to fsctl loglevel 6
> and not storing the xml_cdrs in their raw form?
>
> -Avi
>
> On Wed, May 30, 2012 at 8:11 PM, Michael Collins <msc at freeswitch.org>wrote:
>
>> If it's a compliance issue then I'd triple-check to make sure that no one
>> unauthorized can get to any of your FS logs or CDR data. I suspect that
>> logging vs. not logging dialed_digits is not a make-or-break proposition.
>> If you're doing xml_cdrs then you've probably got that same data in other
>> log lines.
>>
>> -MC
>>
>>
>> On Wed, May 30, 2012 at 9:08 AM, Patrick Lists <
>> freeswitch-list at puzzled.xs4all.nl> wrote:
>>
>>> On 30-05-12 17:48, Michael Collins wrote:
>>> >     And.. similarly is there a way to blank out the var digits_dialed
>>> in
>>> >     the xml_cdr, from within FS, before the end of the call?
>>> >
>>> > Why do you need to clear it out? What information does it collect that
>>> > you don't need?
>>>
>>> Since it's credit card data I can imagine Avi does not want it logged
>>> for security purposes.
>>>
>>> Regards,
>>> Patrick
>>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> Join Us At ClueCon - Aug 7-9, 2012
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120530/bced8273/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list