Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: RSyslog: users

howto anonymise logs

 

 

RSyslog users RSS feed   Index | Next | Previous | View Threaded


rodney.mckee at gmail

Feb 21, 2012, 6:29 PM

Post #1 of 2 (248 views)
Permalink
howto anonymise logs

Hello,

I'm wondering if it is possible to anonymise email addresses in a log using rsyslog. I've had a read through the mmnormalize plugin but we are currently only running 5.8.5 and not > 6.1.2 and it looks to need logging to a DB which we do not do.

I'd like to effectively search for any email address in a log line and replace it with something like anonymised_data [at] anonymised_data
Yes I know that the regex for a valid email is insane but I'm looking to start with something simple.

Rgds
Rodney
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/


david at lang

Feb 21, 2012, 10:08 PM

Post #2 of 2 (229 views)
Permalink
Re: howto anonymise logs [In reply to]

On Wed, 22 Feb 2012, Rodney McKee wrote:

> Hello,
>
> I'm wondering if it is possible to anonymise email addresses in a log using rsyslog. I've had a read through the mmnormalize plugin but we are currently only running 5.8.5 and not > 6.1.2 and it looks to need logging to a DB which we do not do.
>
> I'd like to effectively search for any email address in a log line and replace it with something like anonymised_data [at] anonymised_data
> Yes I know that the regex for a valid email is insane but I'm looking to start with something simple.

well, assuming that you can get a regex you are happy with, and assuming
that there is only one e-mail per line of logs, I would look at doing
something along the lines of a custom template that for the message part
was something like

(regex match for the part before the e-mail address)dummy [at] addres(regex match for the part after the e-mail address)

you really may be better off doing this in a separate program, do
something like have rsyslog write the log to a temporary location, then
run it through sed to 'fix' e-mail addresses and put the result in the
final location.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/

RSyslog users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.