[syslog-ng] [PATCH] anonymizing filter

Evan Rempel erempel at uvic.ca
Fri Nov 30 20:44:47 CET 2007

Micah Anderson wrote:
> Hello,
> A couple years ago this patch was submitted to the list for
> consideration for inclusion into syslog-ng. I am writing this email
> again to request that it be considered again. The patch provides a
> simple replace which enables you to strip out IP addresses from your
> logs before they are written to disk. The patch has been included in the
> Debian stable distribution, and currently is included in both Debian Sid
> and Lenny (unstable and testing). It has had a very wide testing base
> and is non-intrusive, it has existed since 2004 and has been adapted to
> work with the newer syslog-ng. The goal of this patch is to give an
> organization the means to implement site logging policies, by allowing
> for easy control over exactly what data is retained in the logfiles.
> When I first requested consideration for inclusion the reactions were
> some suggestions for improvement (which were done), some side
> discussions about the various states of data retention laws, and a
> general agreement that this patch is non-intrusive and had a valid use
> case (at least in the U.S., but also likely in other countries as
> well[0]).

I don't want to imply that this patch is in any way undesirable. On the contrary
I think that it is very useful, however, the same result can be obtained by
the general message rewrite facility that has already been proposed. I would rather
have the authors work on the general message rewrite engine so that we can have a code
base that meets more needs, rather than specific needs.

Perhaps your patch is a good example of how to implement message rewriting and
could be a starting point for the author (I have not looked at any of the code, so
I can't comment on this aspect).

Just my $0.02

Evan Rempel

More information about the syslog-ng mailing list