On Tue, 31 May 2005 11:28:29 PDT, Elijah said:
Valdis.Kletnieks@vt.edu said:
Interesting. Does it apply the regexp to *the entire message* (a quick read of the code indicates so)?
Yes. Perhaps it should not?
That's fine, as long as that's the documented and understood behavior. It occurred to me that probably some explicit decision should be made and documented regarding $HOST/$MACHINE - it's reasonable to *not* filter those, because if you're running a central syslog server, you probably want to *keep* the information that the message came from your NNTP server, but *redact* the end user's IP address in the NNTP server's logs. However, this may come as a surprise if a site has end-user IP addresses syslog()ing to the central server (no, I don't know why you'd do that, but it could happen ;)
Also, I see in make_filter_replace:
if (strcasecmp(re,"ips") == 0) { re = "...([\\.\\-](25
Was the \\- intended?
Many ISPs set the reverse dns to include the ip address in the form 69-90-134-155-myisp.com, so I thought it would be useful to remove those as well.
OK.. I can see why you'd want to do that. However, I'm not convinced that it's a good idea to try to clean up the text strings of PTR entries, as that's just providing a false sense of security. Consider these hosts:
% host 195.197.6.1
% host 195.197.6.73
% host 195.197.6.74
You'll almost certainly end up with this in the logs. ;)
Any plans to expand that RE to cover IPv6 addresses? ;)
Yes. Alas, IPv6 is complicated. I had a pcre which worked, but had some difficulty converting it to regexp. Eventually, I plan to do so. Any suggestions for what the regexp should be?
No.. not at this time of the morning, sorry.. ;)
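
The redaction discussed in this thread, as an added example that is not part of the original messages or of the patch: a POSIX ERE that masks IPv4 addresses written with `.` or `-` separators, run over two constructed log lines. The pattern, the `redact_ips` helper, the `[IP]` mask and the second hostname are assumptions made for illustration; that hostname encodes the same address in hex, so it passes through untouched, which is the "false sense of security" case raised above.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Assumed pattern for this example (POSIX ERE), not the patch's regexp:
   four octets 0-255 joined by '.' or '-'. */
#define OCTET "(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
#define IPV4_RE OCTET "[.-]" OCTET "[.-]" OCTET "[.-]" OCTET

/* Copy msg into out with every match replaced by mask. Returns the number
   of replacements, or -1 on a regex error or if out is too small. */
int redact_ips(const char *msg, const char *mask, char *out, size_t outlen)
{
    regex_t re;
    regmatch_t m;
    size_t used = 0, rest, masklen = strlen(mask);
    int count = 0;
    if (regcomp(&re, IPV4_RE, REG_EXTENDED) != 0)
        return -1;
    while (regexec(&re, msg, 1, &m, 0) == 0) {
        size_t pre = (size_t)m.rm_so;          /* text before the match */
        if (used + pre + masklen >= outlen) { regfree(&re); return -1; }
        memcpy(out + used, msg, pre);
        memcpy(out + used + pre, mask, masklen);
        used += pre + masklen;
        msg += m.rm_eo;                        /* resume after the match */
        count++;
    }
    regfree(&re);
    rest = strlen(msg);
    if (used + rest >= outlen) return -1;
    memcpy(out + used, msg, rest + 1);         /* tail plus terminating NUL */
    return count;
}

int main(void)
{
    /* Constructed log lines; the second PTR name carries the same address
       in hex (0x45 0x5a 0x86 0x9b), which the pattern cannot see. */
    const char *samples[] = {
        "nntpd[411]: connect from 69-90-134-155-myisp.com (69.90.134.155)",
        "nntpd[411]: connect from dsl-455a869b.isp.example (69.90.134.155)",
    };
    char buf[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (redact_ips(samples[i], "[IP]", buf, sizeof buf) >= 0)
            puts(buf);
    return 0;
}
```

The pattern has no boundary checks, so it also masks dotted version strings and the tail of longer digit runs; a filter applied to the whole message needs that documented.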