Truncate IP addresses
Output filter: ip-truncate-fields
This plugin replaces IP addresses with an anonymized string, replacing the last block of an IP address with "0".
Example (client_ip field):
- IPv4: 192.168.1.22 -> 192.168.1.0
- IPv6: 2001:db8:0:0:0:ff00:42:8329 -> 2001:db8:0:0:0:ff00:42:0
All occurrences of the IP address are replaced in the log "message" fields with the new value.
Example (message field): "Client connect 192.168.1.22" -> "Client connect 192.168.1.0"
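The truncation rule described above, sketched as an added JavaScript example (not the plugin's own source code). The function names `truncateIp` and `truncateFields`, the sample event, and the boundary guard that keeps a longer address such as 192.168.1.220 from being partially rewritten are assumptions of this example; IPv4-mapped IPv6 addresses are not handled.

```javascript
// Added example, not the ip-truncate-fields source code.
const HEX_GROUP = /^[0-9a-fA-F]{1,4}$/;

function isIpv4(ip) {
  const parts = ip.split('.');
  return parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

function isIpv6(ip) {
  const halves = ip.split('::'); // at most one '::' compression is allowed
  if (halves.length > 2) return false;
  const groups = halves.flatMap((h) => (h === '' ? [] : h.split(':')));
  if (!groups.every((g) => HEX_GROUP.test(g))) return false;
  return halves.length === 2 ? groups.length <= 7 : groups.length === 8;
}

// Returns the address with its last block set to "0", or null if the value is not an IP.
function truncateIp(ip) {
  if (typeof ip !== 'string') return null;
  const sep = isIpv4(ip) ? '.' : isIpv6(ip) ? ':' : null;
  return sep === null ? null : ip.slice(0, ip.lastIndexOf(sep) + 1) + '0';
}

// Truncates the listed fields and every occurrence of their values in event.message.
function truncateFields(event, fields) {
  const out = { ...event };
  for (const field of fields) {
    const original = out[field];
    const truncated = truncateIp(original);
    if (truncated === null) continue; // leave non-IP values untouched
    out[field] = truncated;
    if (typeof out.message !== 'string') continue;
    // Boundary guard (a choice of this example): skip matches inside a longer address.
    const edge = original.includes(':') ? '[0-9A-Fa-f]' : '\\d';
    const escaped = original.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    const pattern = new RegExp(`(?<!${edge})${escaped}(?!${edge})`, 'g');
    out.message = out.message.replace(pattern, truncated);
  }
  return out;
}

// Constructed sample event, not real log data.
const sample = { client_ip: '192.168.1.22', message: 'Client connect 192.168.1.22, peer 192.168.1.220' };
console.log(truncateFields(sample, ['client_ip']));
```

For IPv6, zeroing the last block removes only 16 of the 128 address bits, so the truncated value still narrows the client down considerably.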
In the context of data protection regulations like GDPR, you might need to mask data fields, especially when you hand over log data to third parties.
For stronger protection, check other output plugins:
Configuration
Add the following 'outputFilter' section to the Logagent configuration file. Note that you can use the plugin with multiple configurations for different event sources.
# tail web server logs
input:
  files:
    - '/var/log/*/access_log'

# log agent parses web server logs out of the box ...
outputFilter:
  iptruncate:
    module: ip-truncate-fields
    # JS regular expression to match log source name
    matchSource: !!js/regexp access_log
    fields:
      - client_ip
Run Logagent with your config:
logagent --config logagent-example-config.yml -n httpd --yaml
In the output, the IP '::1' has been replaced with '::0':
logSource: httpd
_type: access_common
client_ip: ::0
remote_id: -
user: null
method: GET
path: /
http_version: HTTP/1.1
status_code: 304
size: 0
@timestamp: Thu Apr 26 2018 22:02:26 GMT+0200 (CEST)