
Anonymize IP Addresses in Syslog NG

There was a syslog-ng anon patch, which was included in the Debian package of syslog-ng version 2. Debian squeeze uses syslog-ng version 3, which comes without the patch. But you can use a rewrite rule instead:

rewrite r_identifier { subst("regex to search for", "text to replace", value("MESSAGE")); };

and in the log definition, include the rewrite statement:

log {
    .....
    rewrite(r_identifier);
    ......
};

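So a possible statement for IP removal is (the pattern is in single quotes so that syslog-ng passes the backslash in \. through to the regex engine unchanged):

rewrite r_ip { subst('([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}', "[Removed IP Address]", value("MESSAGE"), type('pcre'), flags('global')); };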

You can also add flags to the rewrite statement, like 'global' or 'ignore-case'.
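
To check what the r_ip pattern will and will not redact before deploying it, the following added example (not part of the original page) applies the same expression with sed -E to constructed log lines; the function names and sample lines are assumptions made for illustration. It shows that IPv6 addresses pass through untouched and that any dotted quad, such as a four-part version number, is replaced as well.

```shell
#!/bin/sh
# Added example: dry-run the page's IP pattern offline with sed -E.
# The pattern is the one from the r_ip rule; sed uses POSIX ERE rather than
# PCRE, which behaves the same for this particular expression.

IP_RE='([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}'
REPLACEMENT='[Removed IP Address]'

# anonymize: read log lines on stdin and replace every match per line
# (the trailing "g" mirrors flags('global') in the syslog-ng rule).
anonymize() {
    sed -E "s/${IP_RE}/${REPLACEMENT}/g"
}

# count_leftover: print how many input lines still contain a dotted quad.
# grep exits non-zero when the count is 0, hence the "|| true".
count_leftover() {
    grep -E -c "${IP_RE}" || true
}

# sample_lines: constructed log messages (documentation address ranges only).
sample_lines() {
    cat <<'EOF'
sshd[812]: Failed password for root from 192.0.2.15 port 50022 ssh2
postfix/smtpd[77]: connect from mail.example.org[198.51.100.7]
kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.1 PROTO=TCP
sshd[813]: Accepted publickey for admin from 2001:db8::1 port 40000
dpkg: installed libfoo version 1.2.3.4
EOF
}

# Show the rewritten lines, then the number of lines that still leak an IPv4.
sample_lines | anonymize
echo "lines with IPv4 left: $(sample_lines | anonymize | count_leftover)"
```

The IPv6 line is printed unchanged, so a second rewrite rule is needed if IPv6 sources must be anonymized too.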

Declaration:

rewrite <name_of_the_rule> {
    subst("<string or regular expression to find>", "<replacement string>", value(<field name>), flags());
};

I've attached the manual for syslog-ng 3; the part on rewriting messages is in chapter 3.10.

-- McP - 17 Apr 2011
Topic revision: r2 - 18 Apr 2011, McP