[syslog-ng] [PATCH] anonymizing filter

Rainer Wichmann rwichmann at la-samhna.de
Fri Nov 30 23:06:03 CET 2007

On Fri, 30 Nov 2007 14:04:52 -0600
William Pitcock <nenolod at sacredspiral.co.uk> wrote:

> Hi,
> As someone who operates systems where privacy is desired by their users,
> I have found this patch very useful. Infact, I found it so useful, that
> I did the initial port of this patch to syslog-ng 2.
> I was told things when I submitted it like "well, all of those apps you
> use should strip the data instead". It is very inconvenient (and if you
> use commercial software, impossible) to patch a bunch of daemons (the
> average server can have 30 or more daemons running!) when instead you
> can strip the information out in the log instead.


I would also highly welcome the inclusion of this patch, since it 
provides functionality that is required for legal reasons.

Existing privacy laws in Germany (and, I think, in other EU states as 
well) do not allow servive providers to log data that are not required for
providing their service. There has been a recent lawsuit in Germany
where the court has found that customary logging of IP adresses is illegal
(i.e. logging may only be enabled on a case-by-case basis, e.g. during a
DDoS attack).

It is very difficult right now to run a Linux (or Unix) system while 
complying with the law. Basically you would need to jump through loops
and run scripts to anonymize data that should never have hit the disk
in non-anonymized form. Thus I would be glad if it were possible to
strip IP adresses in syslog.


More information about the syslog-ng mailing list