[syslog-ng] [patch] Add filters to strip unwanted data from incoming syslog messages.

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Jul 9 17:27:45 CEST 2007


On Mon, 09 Jul 2007 11:51:13 -0000, William Pitcock said:

> Hello,
> 
> A project that I am involved with has requirements for the ability to 
> strip personally identifiable data from their syslogs. The attached patch 
> allows us to accomplish this functionality.
> 
> I believe it would be useful if it is included in upstream syslog-ng. 
> Please consider it for inclusion in the next release.
> 
> Thanks in advance,

+############################################################
+## generic filters
+
+filter f_strip { strip(ips); };
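
Review bot: the `filter f_strip { strip(ips); };` line introduces `strip()` and its `ips` argument with no comment saying what is matched or what the matched text is replaced with. A short comment above the line would make the example readable on its own. A filter block normally selects messages, so it is also worth stating whether `f_strip` always evaluates true, so that a log path referencing it still passes every message through.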

It *appears* that this is the only place this .conf file does anything with the
new feature.  As such, it took me a long time to *find* it in there.  Oh, and
three references in the d_postfix, d_sympa, and d_courier segments.  It would
be a lot clearer if instead of a complete .conf file, you provided a very
minimalist example of how to use it (10-20 lines at most).

+  This patch has been tested against the following versions of syslog-ng:
+ 	. version 1.6.7
+ 	. Debian package syslog-ng_1.6.7-2
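
Review bot: the "has been tested against" list names versions only and does not say what was exercised (which sources, which message formats), so a reader cannot judge how far the claim goes. Add one line describing the test. The two list lines are also indented with a space followed by a tab, which is worth normalizing.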

Does this need updating?  Your diff appears to actually be against 2.0.4.

Also, if you're going to all the trouble of creating a filter_replace_new
and filter_replace_eval, it might not be bad at all if you were to make
a more generalized feature out of it so that sites can use it to do more
than just IP addresses.  For instance, a site might need to do something like

filter f_userpass { replace("user=.* pass=.* ", "user=MASKED pass=MASKED"); };

or some such.  That's a *lot* more 'personal identifying' than just an IP
address.
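
A sketch of the generalized replace discussed above, added here as an example; it is not part of the message, the patch, or syslog-ng. The helper name mask_replace, both patterns, the mask strings and the sample line are assumptions made for the illustration, and it covers both the IP case and the user/pass case.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not syslog-ng code: replace each match of the POSIX
 * extended regex `pattern` in `msg` with `repl`. Returns the number of
 * replacements, or -1 on a bad pattern or if `out` is too small. */
int mask_replace(const char *msg, const char *pattern, const char *repl,
                 char *out, size_t outsz)
{
    regex_t re;
    regmatch_t m;
    size_t used = 0, rlen = strlen(repl), tail;
    int count = 0, eflags = 0;
    if (regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    /* An empty match ends the loop so it cannot spin forever. */
    while (regexec(&re, msg, 1, &m, eflags) == 0 && m.rm_eo > m.rm_so) {
        size_t pre = (size_t)m.rm_so;
        if (used + pre + rlen >= outsz) { regfree(&re); return -1; }
        memcpy(out + used, msg, pre);          /* text before the match */
        memcpy(out + used + pre, repl, rlen);  /* the mask itself */
        used += pre + rlen;
        msg += m.rm_eo;                        /* resume after the match */
        eflags = REG_NOTBOL;                   /* no longer at line start */
        count++;
    }
    tail = strlen(msg);
    if (used + tail >= outsz) { regfree(&re); return -1; }
    memcpy(out + used, msg, tail + 1);         /* rest of line plus NUL */
    regfree(&re);
    return count;
}

/* Patterns are assumptions for this example. Fields are bounded with [^ ]*
 * because POSIX matching is leftmost-longest: ".*" runs to the last space. */
#define PAT_CREDS "user=[^ ]* pass=[^ ]*"
#define PAT_IPV4  "[0-9]{1,3}(\\.[0-9]{1,3}){3}"

int main(void)
{
    /* Constructed sample line, not taken from a real log. */
    const char *line = "imapd: LOGIN user=alice pass=hunter2 from 192.0.2.10 port 143";
    char a[256], b[256];
    if (mask_replace(line, PAT_CREDS, "user=MASKED pass=MASKED", a, sizeof a) < 0 ||
        mask_replace(a, PAT_IPV4, "x.x.x.x", b, sizeof b) < 0)
        return 1;
    puts(b);
    return 0;
}
```

The -1 return lets a caller drop or quarantine a message that could not be masked instead of forwarding it unmasked.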



