summaryrefslogtreecommitdiffstats
path: root/doc/mmanon.html
blob: b8691247270ffdee0d031ad729ba63384319ada9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<meta http-equiv="Content-Language" content="en">
<title>IP Address Anonimization Module (mmanon)</title></head>

<body>
<a href="rsyslog_conf_modules.html">back</a>

<h1>IP Address Anonimization Module (mmanon)</h1>
<p><b>Module Name:&nbsp;&nbsp;&nbsp; omjournal</b></p>
<p><b>Author: </b>Rainer Gerhards &lt;rgerhards@adiscon.com&gt;</p>
<p><b>Available since</b>: 7.3.7</p>
<p><b>Description</b>:</p>
<p>The mmanon module permits to anonymize IP addresses. It is a message 
modification module that actually changes the IP address inside the message,
so after calling mmanon, the original message can no longer be obtained.
Note that anonymization will break digital signutures on the message, if
such exists.
<p>&nbsp;</p>

<p><b>Module Configuration Parameters</b>:</p>
<p>Currently none.
<p>&nbsp;</p>
<p><b>Action Confguration Parameters</b>:</p>
<ul>
<li><b>replacementChar</b><br>In simple mode, this sets the character
that the to-be-anonymized part of the IP address is to be overwritten
with. The default is "x".
</ul>

<p><b>Caveats/Known Bugs:</b>
<ul>
<li><b>This module is currently experimental.</b> This does not mean
the code is not solid. What it means is that the functionality is limited
and it got limited practice drill so far.
<li><b>only IPv4</b> is supported
<li>The anonymization replaces the numerical parts of the ip address.
However, the number of digits is not normalized. So one can probably
draw conlusions just based on the length of the various octets.
<li>Needed config parameters are missing.
</ul>

<p><b>Sample:</b></p>
<p>In this snippet, we write one file without anonymization and another one
with the message anonymized. Note that once mmanon has run, access to the 
original message is no longer possible (execept if stored in user
variables before anonymization).
<p><textarea rows="5" cols="60">module(load="mmanon")
action(type="omfile" file="/path/to/non-anon.log")
action(type="mmanon")
action(type="omfile" file="/path/to/anon.log")
</textarea>


<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] [<a href="manual.html">manual 
index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
<p><font size="2">This documentation is part of the
<a href="http://www.rsyslog.com/">rsyslog</a> project.<br>
Copyright &copy; 2008-2013 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
<a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL 
version 3 or higher.</font></p>

</body></html>