[rsyslog] anonymizing ip addresses

David Lang david at lang.hm
Mon Jan 21 23:58:27 CET 2013


On Mon, 21 Jan 2013, Micah Anderson wrote:

>> Note that adiscon will write the C code to make a filter like this for around
>> 500 euro, so if you don't want to do it yourself, you can have them do it.
>
> The problem isn't writing the C code, I can do that. The problem is that
> having to write C means having to compile it and distribute my own
> version of rsyslog, and everyone else who would like to use that
> facility would also need to do so, or I need to spend a lot of time
> trying to get it included upstream. All of that together is enough to
> make me pick another syslog solution that can do it with a couple of
> configuration lines.

a few things to consider.

first, check that the other syslog implementation lets you do it in a free 
version instead of requiring a paid version. I've seen people make this 
statement about other features, only to find out that the feature is only in the 
paid version.

second, what is the performance of doing this (and does it matter at your log 
volume) a general regex search and replace is a fairly expensive operation.

third, one of the big advantages of having adiscon do this is that it makes the 
improvement part of the core rsyslog distribution, so you don't have to go to 
the effort of maintaining and distributing your own vesion

fourth, if you switch to a different syslog implementation, you have to 
distribute that (short term, this is not a difference, it will take your distro 
some time to catch up to the version of rsyslog that includes the improvements)


More information about the rsyslog mailing list