[rsyslog-notify] Forum Thread: How can I replace a string with '****' in output - (Mode 'post')

noreply at adiscon.com noreply at adiscon.com
Tue Aug 5 17:18:13 CEST 2014


User: jholman 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24795#p24795

Message: 
----------
We want to use rsyslog with elasticSearch and Kibana.
For privacy reasons we want to hide usernames in the log data stored in
elasticSearch and replace them with ‘********’.
 
So I need something like this (works in Perl):
s/(.*?[':\[\(\s])([a-zA-Z]{1,2}\d{5,6})(['\s\)\]]*.*?)/$1*****$3/g;
non greedy, global, incl. quotes, colon
 
I checked the following with the Regular Expression Checker/Generator:

(.*[':\[\([:blank:]])([[:alpha:]]{1,2}[[:digit:]]{5,6})(['[:blank:]\)\]]*.*)
 
That works, but how can I replace the username in the original
message?
 
Like this:
2014-04-30T09:04:38+00:00 notice authpriv slot1/lxxcnlde50 notice
httpd[8329]: 01070417:5: AUDIT - user ******* - RAW: httpd(mod_auth_pam):
user=******* (*******) partition=[All] level=Administrator
tty=/usr/bin/tmsh host=192.168.178.186 attempts=1 start="Tue Apr 29
07:55:05 2014" end="Wed Apr 30 11:04:38 2014".
 
Is that possible? Can you give me a hint?
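
The masking asked about above, as an added example in Python; it is not part of the original post and is not rsyslog configuration. The username shape (1-2 letters followed by 5-6 digits) and the delimiters come from the post's regex; the extra `=` delimiter, the fixed-width mask, and the usernames `ab12345` and `x123456` in the sample lines are assumptions.

```python
import re

# Username shape from the post: 1-2 letters followed by 5-6 digits.
# The lookbehind accepts the delimiters listed in the post (' : [ ( whitespace)
# plus '=' (assumption: needed for the "user=..." field of the sample line),
# or start of line. The lookahead rejects matches inside longer tokens, which
# the post's optional trailing group would let through.
USERNAME = re.compile(
    r"(?:(?<=[':\[(\s=])|^)"
    r"[A-Za-z]{1,2}\d{5,6}"
    r"(?![A-Za-z0-9])"
)

# Fixed-width mask so the output does not reveal the username length.
MASK = "*******"


def mask_usernames(line: str) -> str:
    """Return the log line with every username-shaped token replaced by MASK."""
    return USERNAME.sub(MASK, line)


# Constructed sample: the line from the post with a made-up username put back.
SAMPLE = (
    "2014-04-30T09:04:38+00:00 notice authpriv slot1/lxxcnlde50 notice "
    "httpd[8329]: 01070417:5: AUDIT - user ab12345 - RAW: httpd(mod_auth_pam): "
    "user=ab12345 (ab12345) partition=[All] level=Administrator "
    "tty=/usr/bin/tmsh host=192.168.178.186 attempts=1"
)

if __name__ == "__main__":
    for line in (
        SAMPLE,
        "login from 'x123456' accepted",     # quoted username, one letter
        "request id=ab1234567 queued",       # 7 digits: not a username, kept
    ):
        print(mask_usernames(line))
```

Hostnames, message IDs and IP addresses in the sample stay untouched because none of them has the letters-then-digits shape directly after a delimiter.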

