[syslog-ng] IPv6 rewrite rule PVCE
strife at riseup.net
strife at riseup.net
Wed Feb 13 12:09:38 CET 2013
Hi,
I want to anonymize certain logs, ie. remove IP addresses. Thanks to the
advice/experiments by Micah from Riseup, I have the following. It works
fine for IPv4:
rewrite r_ip {
subst('([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}', "\[REDACTED\]",
value("MESSAGE"), type("pcre"), flags("global"));
};
I tried to extend this to IPv6 using the IPV6 PCRE expression found at
http://home.deds.nl/~aeron/regex/ :
subst('/(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})\z/i',
"\[REDACTED\]", value("MESSAGE"), type("pcre"), flags("global"));
When I test the expression using pcretest, it successfully matches IPv6
addresses in text. In syslog-ng, it does not.
Any ideas?
Thanks!
--
strife
More information about the syslog-ng
mailing list