I am new to syslog-ng and would like some help on the pattern matching and the substitution option. Currently the requirement is to substitute a parameter in the message with a random value in order to anonymize it.<br><br>
<b><u>For example:</u></b><br><br>Dec 31 23:13:25 servername sshd[25218]: Failed keyboard-interactive/pam for <b>user1</b> from 10.x.x.x port 47325 ssh2<div><br></div><div>If I create a pattern database for this message and pick out the username using the string and substitute it user1 to say anon1, will I be able to store the original-substituted value pair for this user and use it repeatedly?</div>
<div>Would I be able to do it for all the subsequent logs?</div><div><br></div><div>To be more clear, an example substitution process that must happen as the logs arrive and the patterns are matched.</div><div>log with user1 arrives and is substituted by anon1</div>
<div>log with user2 arrives and is substituted by anon2</div><div>again log with user1 arrives and is again substituted by anon1</div><div>log with user3 arrives and is substituted by anon3</div><div>again log with user2 arrives and is again substituted by anon2</div>
<div>.</div><div>.</div><div>.</div><div>.</div><div>This is required so that once the usernames are substituted for attaining anonymity, there must be a way to reverse them for audit purposes.</div><div><br></div><div><br>
-- <br>Thanks and regards,<br>AS<br><br></div>