david at lang
Feb 21, 2012, 10:08 PM
Post #2 of 2
On Wed, 22 Feb 2012, Rodney McKee wrote:
> I'm wondering if it is possible to anonymise email addresses in a log using rsyslog. I've had a read through the mmnormalize plugin but we are currently only running 5.8.5 and not > 6.1.2 and it looks to need logging to a DB which we do not do.
> I'd like to effectively search for any email address in a log line and replace it with something like anonymised_data [at] anonymised_data
> Yes I know that the regex for a valid email is insane but I'm looking to start with something simple.
Well, assuming that you can get a regex you are happy with, and assuming
that there is only one e-mail per line of logs, I would look at doing
something along the lines of a custom template that for the message part
was something like
(regex match for the part before the e-mail address)dummy [at] addres(regex match for the part after the e-mail address)
You really may be better off doing this in a separate program, do
something like have rsyslog write the log to a temporary location, then
run it through sed to 'fix' e-mail addresses and put the result in the
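The sed post-processing approach suggested in the reply above, as an added example that is not part of the original thread. The function names, the simplified address pattern, the file paths, and reading "[at]" in the requested replacement as "@" are all assumptions; unlike the single-template idea, the `g` flag covers several addresses on one line.

```shell
#!/bin/sh
# Added example: scrub e-mail addresses from a log that rsyslog has
# written to a temporary location. Not code from the thread.

# Deliberately simple pattern (not RFC 5322): local part, "@", then a
# domain with at least one dot. Addresses such as user@localhost are
# NOT matched; widen the pattern if those appear in your logs.
EMAIL_RE='[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+'

# Replacement token (assumed form of the one requested in the question).
ANON='anonymised_data@anonymised_data'

# Filter: stdin -> stdout, replacing every address on every line.
anonymise_emails() {
    sed -E "s/${EMAIL_RE}/${ANON}/g"
}

# Scrub a spooled file into its destination. The output is written to a
# temp file next to the destination and renamed into place, so a reader
# never sees a half-written or unscrubbed file.
anonymise_file() {
    src=$1
    dst=$2
    tmp=$(mktemp "${dst}.XXXXXX") || return 1
    if anonymise_emails < "$src" > "$tmp"; then
        mv "$tmp" "$dst"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample line (not a real log entry), two addresses on one line.
printf '%s\n' \
  'Feb 21 22:08:01 mx1 postfix/qmgr[1234]: ABC123: from=<alice@example.com>, to=<bob@example.org>' \
  | anonymise_emails
```

The raw spool file still contains the real addresses until it is processed and deleted, so its directory needs the same access restrictions as the unscrubbed data.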