[rsyslog] anonymizing ip addresses
david at lang.hm
Mon Jan 21 23:58:27 CET 2013
On Mon, 21 Jan 2013, Micah Anderson wrote:
>> Note that adiscon will write the C code to make a filter like this for around
>> 500 euro, so if you don't want to do it yourself, you can have them do it.
> The problem isn't writing the C code, I can do that. The problem is that
> having to write C means having to compile it and distribute my own
> version of rsyslog, and everyone else who would like to use that
> facility would also need to do so, or I need to spend a lot of time
> trying to get it included upstream. All of that together is enough to
> make me pick another syslog solution that can do it with a couple of
> configuration lines.
a few things to consider.
first, check that the other syslog implementation lets you do it in a free
version instead of requiring a paid version. I've seen people make this
statement about other features, only to find out that the feature is only in the
second, what is the performance of doing this (and does it matter at your log
volume) a general regex search and replace is a fairly expensive operation.
third, one of the big advantages of having adiscon do this is that it makes the
improvement part of the core rsyslog distribution, so you don't have to go to
the effort of maintaining and distributing your own vesion
fourth, if you switch to a different syslog implementation, you have to
distribute that (short term, this is not a difference, it will take your distro
some time to catch up to the version of rsyslog that includes the improvements)
More information about the rsyslog