Use a Custom Trace Listener to Filter Sensitive Application data in Messages

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Use a Custom Trace Listener only when you need a message filter for filtering application-specific personally identifiable information (PII) elements from messages before logging. By using a custom listener with additional options you can have more control over the messages to be logged.
Adding a custom trace listener on the Message Logging trace source is a privilege that should be restricted to the administrator. This is because malicious custom listeners can be configured to send messages remotely, which leads to sensitive information disclosure. In addition, if you configure a custom listener to send messages on the wire, such as, to a remote database, you should enforce proper access control on the message logs in the remote machine.

The following demonstrates a custom listener configuration.
<system.diagnostics>
   <sources>
     <source name="System.ServiceModel.MessageLogging">
           <listeners>
             <add name="MyListener" 
                    type="YourCustomListener"
                    initializeData="c:\logs\messages.svclog"
                    maxDiskSpace="1000"/>
           </listeners>
     </source>
   </sources>
</system.diagnostics>

Additional Resources

Last edited Jun 12, 2008 at 8:48 PM by prashantbansode, version 1

Comments

alhambraeidos Apr 9, 2010 at 12:38 PM 
Hi,

any sample code of YourCustomListener ??

thanks