[syslog-ng] Message parameter substitution

Anup Shetty anupdshetty at gmail.com
Wed Dec 21 10:01:12 CET 2011


I am new to syslog-ng and would like some help on the pattern matching and
the substitution option. Currently the requirement is to substitute a
parameter in the message with a random value in order to anonymize it.

*For example:*

Dec 31 23:13:25 servername sshd[25218]: Failed keyboard-interactive/pam for *user1* from 10.x.x.x port 47325 ssh2

If I create a pattern database for this message, pick out the username
using the string, and substitute user1 with, say, anon1, will I be able to
store the original-substituted value pair for this user and use it
repeatedly?
Would I be able to do it for all the subsequent logs?

To be more clear, here is an example of the substitution process that must
happen as the logs arrive and the patterns are matched:
log with user1 arrives and is substituted by anon1
log with user2 arrives and is substituted by anon2
again log with user1 arrives and is again substituted by anon1
log with user3 arrives and is substituted by anon3
again log with user2 arrives and is again substituted by anon2
...
This is required because, once the usernames are substituted to attain
anonymity, there must be a way to reverse them for audit purposes.


-- 
Thanks and regards,
AS
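
The substitution described in the message above, as an added example that is not part of the original post and is not syslog-ng configuration: a stand-alone Python filter that gives each username a stable alias and keeps the reverse map for audit. The names Pseudonymizer, SSHD_FAIL and SAMPLE are hypothetical, and the sample lines are constructed from the log line quoted in the post.

```python
import json
import re

# Matches the sshd failure line quoted in the post; group 2 is the username.
SSHD_FAIL = re.compile(
    r"(sshd\[\d+\]: Failed keyboard-interactive/pam for )(\S+)( from )")

class Pseudonymizer:
    """Gives each username a stable anonN alias and keeps the reverse map."""

    def __init__(self, forward=None):
        self.forward = dict(forward or {})                      # real -> alias
        self.reverse = {a: u for u, a in self.forward.items()}  # alias -> real

    def alias_for(self, user):
        if user not in self.forward:
            alias = f"anon{len(self.forward) + 1}"
            self.forward[user] = alias
            self.reverse[alias] = user
        return self.forward[user]

    def _rewrite(self, line, lookup):
        # Lines that do not match the pattern pass through unchanged.
        return SSHD_FAIL.sub(
            lambda m: m.group(1) + lookup(m.group(2)) + m.group(3), line)

    def anonymize(self, line):
        return self._rewrite(line, self.alias_for)

    def deanonymize(self, line):
        # Audit path: unknown aliases are left as they are.
        return self._rewrite(line, lambda a: self.reverse.get(a, a))

    def to_json(self):
        # The mapping re-identifies users; keep it in an access-controlled store.
        return json.dumps(self.forward)

# Constructed sample input, in the arrival order given in the post.
SAMPLE = [
    f"Dec 31 23:13:2{i} servername sshd[25218]: Failed keyboard-interactive/pam"
    f" for {user} from 10.x.x.x port 47325 ssh2"
    for i, user in enumerate(["user1", "user2", "user1", "user3", "user2"])
]

if __name__ == "__main__":
    p = Pseudonymizer()
    for line in SAMPLE:
        print(p.anonymize(line))
    print(p.to_json())
```

Passing the saved mapping back in, as `Pseudonymizer(json.loads(saved))`, continues the numbering, so the same aliases apply to all subsequent logs.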