Hello and thank you for your work on Orthanc.
I am verifying the deidentification of logs as described in the Collecting Logs section of the Orthanc Book:
- Provided that you have left the
DeidentifyLogs
configuration to itstrue
default value, Orthanc logs will not contain any sensitive patient information.
However, when I have the DICOM log-level set to trace
I do see identifying information such as the Patient Name. I have confirmed that I have not changed the default settings and I also have tried explicitly setting DeidentifyLogs
to true
.
I looked at the source code a bit and it seems that deidentification is implemented by the GetDeidentifiedContent
method in ServerContext.cpp:2015
. I see that this is called, for instance, in OrthancFindRequestHandler.cpp:359
where logging is at the INFO
level.
However, I do not see this called in DicomControlUserConnection.cpp:86
where the log level is TRACE
. I don’t know much C++ so I’m having trouble following everything, but from what I can tell, this trace-level log is taking output directly from DCMTK.
My questions:
- Is this a correct assessment of what is happening?
- If so, is there any way to deidentify these logs?
- If there is no way to deideintify these logs, is there a way to change the log file certain log levels are sent to?
Finally, I suggest that the above section of the Orthanc book be edited to make it clear that logs may not be anonymized at certain log-levels. I would be happy to send a patch if it is welcome.
Thanks for your help!