You are here: Foswiki>Devel Web>AnonIPSyslogNg (18 Apr 2011, McP)Edit Attach

Anonymize IP Adresses in Syslog NG

There was a syslog-ng anon patch, which was included in the debian package of syslog-ng, version 2. Debian squeeze uses syslog-ng version 3, which comes without the patch. But you can use rewrite:

rewrite r_identifier { subst("regex to search for", "text to replace", value("MESSAGE")); };

and in the log definition, include the rewrite statement:

log {

so a possible statement for ip removal is :

rewrite r_ip { subst("([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}", "\[Removed IP Address\]", value("MESSAGE"), type('pcre'), flags('global')); };

you can also add flags to the rewrite statement, like 'global' or 'ignore-case'

rewrite <name_of_the_rule>
{subst("<string or regular expression to find>", "<replacement string>", value(<field name>), flags());};

i've attached the manual for syslog-ng 3, the part on rewriting messages is in chapter 3.10

-- McP - 17 Apr 2011
Topic revision: r2 - 18 Apr 2011, McP
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback