Slightly better lua script to sanitizing messages:
----------------------------------------
require "string"
function process_message ()
local message = read_message("Payload")
local matches = 0
local i = 1
while true do
local match = read_config("match_" .. i)
local replace = read_config("replace_" .. i)
if match==nil then break end
message, matches = string.gsub(message, match, replace)
i = i + 1
end
write_message("Payload", message)
return 0
end
function timer_event(ns)
end
--------------------------------------------
You can specify the patters via config:
[SanitizeDecoder.config]
match_1 = "password=[%a%d]+"
replace_1 = "password=[filtered]"
match_2 = 'custid=[%a%d%%]+'
replace_2 = "custid=[filtered]"
On Tue, Jan 20, 2015 at 3:29 PM, Michael Giannini <
[email protected]> wrote:
> Thanks! I ended up creating a lua decoder:
>
> ------------------------------------------------
> require "string"
>
> function process_message ()
> local message = read_message("Payload")
> local matches = 0
>
> message, matches = string.gsub(message, 'password=[%a%d]+',
> "password=[filtered]")
> message, matches = string.gsub(message, 'custid=[%a%d%%]+',
> "custid=[filtered]")
>
> write_message("Payload", message)
> return 0
> end
>
> function timer_event(ns)
> end
> --------------------------------------------------
>
> Any thoughts on how crappy this decoder is?
> --Michael
>
> On Tue, Jan 20, 2015 at 9:48 AM, Michael Trinkala <[email protected]>
> wrote:
>
>> You can strip it in a SandboxDecoder (on the way into Heka) or in a
>> SandboxEncoder (on the way out) depending on your requirements. You would
>> just do a search and replace on the request_uri (if you are using the
>> common log format grammars).
>>
>> On another note, having sensitive information in the URI is a bad idea,
>> there are several way it can be leaked.
>>
>> Trink
>>
>>
>>
>> On Mon, Jan 19, 2015 at 1:50 PM, Michael Giannini <
>> [email protected]> wrote:
>>
>>> Hi All,
>>>
>>> I looking for a way to remove sensitive information (passwords, users,
>>> etc) from messages sent to heka. I'd like to centralize the filtering
>>> thorough heka using the server or damon worker. Is this possible?
>>>
>>> for example: www.sensetive.site?password=23423346&user=kioberh. How do
>>> I replace the password/user with [filtered]?
>>>
>>> Thanks,
>>> Michael
>>>
>>> _______________________________________________
>>> Heka mailing list
>>> [email protected]
>>> https://mail.mozilla.org/listinfo/heka
>>>
>>>
>>
>
_______________________________________________
Heka mailing list
[email protected]
https://mail.mozilla.org/listinfo/heka
