
Log suppression

Sometimes in your application you need to send or collect sensitive data. Tropo doesn't store or maintain your customer data, but our logging does log everything that happens during a Tropo application's execution. Use say("Your account ID is 1234") and your log files will contain "Your account ID is 1234".

To let you build applications that use this sort of sensitive data without Tropo or your development team being able to retrieve it from your logs, Tropo supports log file security. For any prompt (say, ask, message, call, transfer, conference, or record), you can instruct Tropo not to log the output. For any speech recognition activity (the user input in ask), you can instruct Tropo not to log the interpretation, utterance, or anything else that would reveal the input.

This log suppression applies not just to the logs you can see, but to all of our logging all the way through our system.

Log security is effective in the Voice or SMS channels. For SMS, the contents of your SMS message may be logged or stored outside of Tropo during the normal course of sending a message. This includes by carriers, at various points along the SMS delivery chain, and on devices. Tropo has no control over these third parties.

Note
Enabling log security will hamper our ability to troubleshoot issues with your code or our platform, should they occur. This completely disables all logging associated with the Tropo method you apply it to, so we will have no way of viewing what happened should an error occur. As such, it should only be enabled in situations where private or sensitive data is used in a prompt or speech recognition.


Suppressing Prompts

To suppress logging of text to speech related to prompts, set the promptLogSecurity parameter of the Tropo method to suppress:

JavaScript:
say("Your account number is " + value, {promptLogSecurity: "suppress"});

Ruby:
say "Your account number is " + value, {:promptLogSecurity => "suppress"}

PHP:
<?php
say("Your account number is " . $value, array("promptLogSecurity" => "suppress"));
?>

Python:
say("Your account number is " + value, {"promptLogSecurity": "suppress"})

Groovy:
say("Your account number is " + value, ["promptLogSecurity": "suppress"]);

If logging is suppressed with promptLogSecurity, the contents of the text-to-speech string are replaced with {suppressed} in the log files. Without promptLogSecurity, the log output from the above code looks something like this (the prompt string appears inside the <speak> element):

May 6 23:16:27.161 rt1.dev.wdc.sl.tropo.com PRISM 5045948/5059285/202c429ed9d079e43ff7c51c443a3611/176a6b5550b489694db22466c8f8c982/1/237805827_56208290@67.231.5.176/[Tropo-Thread-176a6b5550b489694db22466c8f8c982]/#MSCTRL#: Player[IDLE, MG[ms1-1979, mg2, INITIALIZED]] play(streamIds={application/ssml+xml,<?xml version="1.0" encoding="UTF-8"?><speak>Your account number is 1234</speak>}, rtcs=null, optargs={PLAYER_FILE_FORMAT=FORMAT_INFERRED, BEHAVIOUR_IF_BUSY=STOP_IF_BUSY, VOICE_NAME=null, PLAYER_START_OFFSET=0, PLAYER_JUMP_TIME=5000, PLAYER_AUDIO_CODEC=CODEC_INFERRED, PLAYER_ENABLED_EVENTS=[Ljavax.media.mscontrol.EventType;@12544bd3, VOLUME_CHANGE=3, BARGE_IN_ENABLED=false, PLAYER_MAX_DURATION=-1, PLAYER_START_PAUSED=false, TTS_SPEECH_LANGUAGE=English-Female4, JUMP_PLAYLIST_INCREMENT=1}) #[N/A][N/A]

But with promptLogSecurity set to "suppress", the log line becomes:

May 6 23:16:27.161 rt1.dev.wdc.sl.tropo.com PRISM 5045948/5059285/202c429ed9d079e43ff7c51c443a3611/176a6b5550b489694db22466c8f8c982/1/237805827_56208290@67.231.5.176/[Tropo-Thread-176a6b5550b489694db22466c8f8c982]/#MSCTRL#: Player[IDLE, MG[ms1-1979, mg2, INITIALIZED]] play(streamIds={application/ssml+xml,<?xml version="1.0" encoding="UTF-8"?><speak>{supressed}</speak>}, rtcs=null, optargs={PLAYER_FILE_FORMAT=FORMAT_INFERRED, BEHAVIOUR_IF_BUSY=STOP_IF_BUSY, VOICE_NAME=null, PLAYER_START_OFFSET=0, PLAYER_JUMP_TIME=5000, PLAYER_AUDIO_CODEC=CODEC_INFERRED, PLAYER_ENABLED_EVENTS=[Ljavax.media.mscontrol.EventType;@12544bd3, VOLUME_CHANGE=3, BARGE_IN_ENABLED=false, PLAYER_MAX_DURATION=-1, PLAYER_START_PAUSED=false, TTS_SPEECH_LANGUAGE=English-Female4, JUMP_PLAYLIST_INCREMENT=1}) #[N/A][N/A]

This is available in the following Tropo methods:

say
Prevents logging of the TTS string used in the "say". say("prompt")
ask
Prevents logging of the TTS string as the prompt in the ask. ask("prompt")
record
Prevents logging of the TTS string as the prompt in the record. record("prompt")
message
Prevents logging of the TTS string used.
call
Prevents logging of the introduction parameter when using machine detection.
transfer
Prevents logging of the introduction parameter when using machine detection.
conference
Prevents logging of the string used as the joinPrompt or leavePrompt.
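
One way to check a log export for prompts that were written in clear text, based on the log lines shown above. This is an added example, not Tropo code: findUnsuppressedPrompts is a hypothetical helper, and the sample log lines are constructed by shortening the format shown on this page.

```javascript
// Added example, not Tropo code: audit a log export for TTS prompts that
// were logged in clear text instead of being replaced by the placeholder.

// The page's prose spells the placeholder "{suppressed}" while its sample
// log line shows "{supressed}", so both spellings are accepted here.
const PLACEHOLDERS = new Set(["{suppressed}", "{supressed}"]);

// Returns one finding per <speak> element whose content is not a placeholder.
function findUnsuppressedPrompts(logText) {
  const findings = [];
  logText.split(/\r?\n/).forEach((line, idx) => {
    for (const m of line.matchAll(/<speak>([\s\S]*?)<\/speak>/g)) {
      const prompt = m[1].trim();
      if (prompt !== "" && !PLACEHOLDERS.has(prompt)) {
        // hasDigits marks prompts that may carry account or card numbers.
        findings.push({ line: idx + 1, prompt, hasDigits: /\d/.test(prompt) });
      }
    }
  });
  return findings;
}

// Constructed sample: two lines shortened from the log format shown above.
const SAMPLE_LOG = [
  'May 6 23:16:27.161 host PRISM #MSCTRL#: play(streamIds={application/ssml+xml,' +
    '<?xml version="1.0" encoding="UTF-8"?><speak>Your account number is 1234</speak>}, rtcs=null)',
  'May 6 23:16:29.402 host PRISM #MSCTRL#: play(streamIds={application/ssml+xml,' +
    '<?xml version="1.0" encoding="UTF-8"?><speak>{supressed}</speak>}, rtcs=null)',
].join("\n");

for (const f of findUnsuppressedPrompts(SAMPLE_LOG)) {
  console.log(`line ${f.line}: prompt logged in clear text: "${f.prompt}"`);
}
```
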


Suppressing Input

When using Tropo's ask() method to collect input from the user, you can also prevent the user's input from appearing in the logs, whether the input mode is "voice" or "dtmf". Using the parameter asrLogSecurity, you can suppress the input entirely or, if the input is all numeric, mask it so only a portion appears in your logs, similar to how you might show only the last four digits of a credit card in a web interface.

The following example shows only the first two digits of the account number the user entered.

JavaScript:
ask("Say or enter your account number.", {
  asrLogSecurity: "mask",
  maskTemplate: "DD-"
});

Ruby:
ask "Say or enter your account number.", {
  :asrLogSecurity => "mask",
  :maskTemplate => "DD-"
}

PHP:
<?php
ask("Say or enter your account number.", array(
  "asrLogSecurity" => "mask",
  "maskTemplate" => "DD-"
));
?>

Python:
ask("Say or enter your account number.", {
  "asrLogSecurity": "mask",
  "maskTemplate": "DD-"
})

Groovy:
ask("Say or enter your account number.", [
  "asrLogSecurity": "mask",
  "maskTemplate": "DD-"
]);

The asrLogSecurity parameter can also be set to "suppress" if you wish to not log any portion of the content. The maskTemplate parameter is a masking pattern constructed of three characters. "D" in any position indicates that Tropo should log the digit that appears at that position. "X" in a position tells Tropo to suppress the digit appearing at that position, and Tropo will replace it with a "*". A hyphen or dash "-" tells Tropo to replace one or more digits with a star. Some examples, each using the string "123456789" as the input:

  • D- becomes 1********
  • -DDD becomes ******789
  • XXDD- becomes **34*****
  • -D becomes ********9
  • DD-D becomes 12******9
  • -DX becomes *******8*
  • XD- becomes *2*******
  • XD-DX becomes *2*****8*
  • -DXD becomes ******7*9
  • XXDDDDDXX becomes **34567**
  • XDXDXDXDX becomes *2*4*6*8*
  • DXDXDXDXD becomes 1*3*5*7*9
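
The masking rules above, reimplemented as an added example (not Tropo's code) so a template can be tried against sample input before it goes into an ask(). The names applyMaskTemplate and revealedDigits are hypothetical, and masking everything on a malformed template, non-numeric input or a length mismatch is an assumption; the page does not say what Tropo does in those cases.

```javascript
// Added example: re-implements the maskTemplate rules described above.
// applyMaskTemplate is a hypothetical helper, not part of the Tropo API.
function applyMaskTemplate(template, input) {
  const allStars = "*".repeat(input.length);

  // Assumption: malformed templates and non-numeric input are masked
  // completely (fail closed); the page does not document these cases.
  if (!/^[DX]*-?[DX]*$/.test(template) || !/^\d+$/.test(input)) return allStars;

  const dash = template.indexOf("-");
  const head = dash === -1 ? template : template.slice(0, dash);
  const tail = dash === -1 ? "" : template.slice(dash + 1);
  const fixed = head.length + tail.length;

  // No dash: the template must cover the input exactly.
  // With a dash: it stands for one or more digits, so the D/X positions
  // must leave at least one digit over. Assumption: otherwise fail closed.
  const fits = dash === -1 ? fixed === input.length : fixed < input.length;
  if (!fits) return allStars;

  const pick = (rule, digit) => (rule === "D" ? digit : "*");
  let out = "";
  // Positions before the dash are anchored to the start of the input.
  for (let i = 0; i < head.length; i++) out += pick(head[i], input[i]);
  // The dash masks everything between the anchored head and tail.
  out += "*".repeat(input.length - fixed);
  // Positions after the dash are anchored to the end of the input.
  const tailStart = input.length - tail.length;
  for (let i = 0; i < tail.length; i++) out += pick(tail[i], input[tailStart + i]);
  return out;
}

// Number of digits a template leaves readable in the log for this input.
function revealedDigits(template, input) {
  return applyMaskTemplate(template, input).replace(/\*/g, "").length;
}

// Templates and expected results copied from the list above.
const DOC_EXAMPLES = {
  "D-": "1********", "-DDD": "******789", "XXDD-": "**34*****",
  "DD-D": "12******9", "XD-DX": "*2*****8*", "-DXD": "******7*9",
  "XDXDXDXDX": "*2*4*6*8*",
};
for (const [template, expected] of Object.entries(DOC_EXAMPLES)) {
  const got = applyMaskTemplate(template, "123456789");
  console.log(template.padEnd(10), got, got === expected ? "ok" : "MISMATCH");
}
```
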


Suppressing Everything

Tropo cannot anticipate every situation where a scripting language, your application, or an action like fetching a URL that contains private data might log information that you wish to be hidden. To prevent this potential for log leakage, Tropo provides an API function generalLogSecurity() that can turn off all logging on the Tropo platform. When called with a value of suppress (like generalLogSecurity("suppress")), nothing that happens in your script from that point forward will be logged. Even information you explicitly log with the Scripting API log() function will be dropped without logging it.

To turn logging back on after you have asked Tropo to suppress logging, call generalLogSecurity again with a value of none: generalLogSecurity("none"). All logs that occur starting from the point at which you call it will now appear.

Because all Tropo functions are blocking functions, it is safe to enable logging after running a Tropo function without fear that residual activities will occur and be logged.

If logging is disabled with generalLogSecurity, instructing Tropo to log a prompt with promptLogSecurity("none") or asrLogSecurity("mask") will not cause Tropo to log that data. Suppressing logs with generalLogSecurity is absolute.

Some portions of a call are logged before your application is activated. These portions will still be logged, since at this point your application has not run, so Tropo doesn't know you want to suppress logging yet. This includes the SIP signalling that starts a call, the Session API request made to start your application, and the full content of your Scripting API code that's logged at the start of each session. Prior to using log suppression in production, we recommend testing your intended use of generalLogSecurity and evaluating the resulting log file to determine if you have information leaking into the logs.

A note on inheritance

The log security directives are not inherited by callback functions within your script. For example, when an ask() method that has promptLogSecurity set to suppress contains an onError callback, prompts inside that callback are not suppressed unless promptLogSecurity is also applied directly to them. An example, in JavaScript:

ask("Say or enter your account number.", {
  promptLogSecurity: "suppress",
  onError: function(event) {
    say("This is not suppressed");
    say("To suppress, set promptLogSecurity directly", {promptLogSecurity: "suppress"});
  }
});


WebAPI

When using the WebAPI, Tropo logs the entire JSON response that your application sends back to our servers. Because these often have prompts in them, and Tropo does not know at load time which prompts should be suppressed and which should be logged, Tropo will suppress logging of the complete JSON document if the JSON contains the string "LogSecurity" anywhere in it. This way, a single prompt with promptLogSecurity or a single ask with asrLogSecurity enabled will prevent logging of the complete JSON string.

During the execution of your Tropo application, the actual prompts and input will be logged as normal, except for the ones where promptLogSecurity or asrLogSecurity are set to suppress or mask.