Am 31.08.2011 14:22, schrieb Dave Steinberg: > On 8/31/2011 7:39 AM, Christian Doering wrote: >> Hello, >> >> is there a way to write IP addresses only anonymizied to the logfile(s)? >> I would like to implement this to comply to german telecommunication >> laws. Altering the last byte (to 0 i.e.) would suffice. Or setting it to >> the loopback IP (like the apache module removeip does). >> >> The proxy runs without any problem, I don't need the client IP for >> debugging, blocking or billing. But turning logging off completely >> doesn't seem a good idea either. > > Pound doesn't support this natively, but your syslog package might. > There are anonymizing modules for rsyslog and syslog-ng, though I > haven't tried them personally. > > Regards,
So, I tried to set some custom rules for my log facility. The proxy runs on debian lenny (5.0) with rsyslog. I activated the log facility in pound.cfg and set apache style: LogFacility rsyslogd LogLevel 3 and modified its config (/etc/rsyslog.conf): # all daemon.* msgs which DON'T originate from pound !-pound daemon.* -/var/log/daemon.log ... ######################### #### Pound Rev-Proxy #### ######################### # apache format with vhosts, client IP / user information substitued $template POUND_AnonymizedFormat,"%msg:F,32:2% 0.0.0.0 - - %msg:R:\[.*$--end%\n" # anything from pound goes here !pound daemon.=info /var/log/pound/pound.log;POUND_AnonymizedFormat daemon.warn /var/log/pound/pound.warn # drop all pound msgs, so no following debug.* rule may catch them :programname, isequal, "pound" ~ I used block filter to direct msgs, and a custom template for pound info msg. The template definition is on a single line. Warning msgs seem not in apache format (I found just one with a bad header warning), so the default template is used for them. If this is used with an other log level, the template has to be altered according to the new output. Since there might be stuff added by the log facility, a template with just %msg% helped me see what pound sends to rsyslog. This just my quick approach to solve my Problem, if there is a nicer solution, I'd like to hear from it. Perhaps a log level for IP/user masking could be implemented in pound in a future release. Regards, Christian Doering -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
