I would look at using mmnormalize to parse the message and then make an output
template that puts the message back together.
David Lang
On Wed, 27 Nov 2024, Möller, Roman (extern) via rsyslog wrote:
Date: Wed, 27 Nov 2024 17:43:29 +0000
From: "Möller, Roman (extern) via rsyslog" <rsyslog@lists.adiscon.com>
To: "rsyslog@lists.adiscon.com" <rsyslog@lists.adiscon.com>
Cc: "Möller, Roman (extern)" <roman.moeller.ext...@autobahn.de>
Subject: [rsyslog] Anonymize part of msg
Hello subscribers,
I've got a msg with the following example content:
The User: John has logged in to the application app.example.com
For data privacy reasons I want to remove or anonymize "John" from the Message.
A desired output would be:
The User: has logged in to the application app.example.com
Or
The User: *** has logged in to the application app.example.com
I've experimented with https://www.rsyslog.com/regex/ so far but I am only able
to get the first part of the Message (The User:) but not the whole without the
user.
Is it even possible to realize my use case with rsyslog?
Kind regards and thanks in advance
R. Moeller
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
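The mmnormalize-plus-template approach suggested in the reply, sketched as an added example that is not part of the original thread or of the rsyslog project's own configuration. The file paths, the template name `anonLogin` and the field name `app` are assumptions, and the rule assumes the `msg` property starts exactly with `The User:` (if your input leaves a leading space in `msg`, begin the rule text with a space).

```rsyslog
# --- liblognorm rulebase, saved as /etc/rsyslog.d/anon-login.rb (hypothetical path) ---
# "version=2" must be the first line of the rulebase file.
# The field name "-" tells liblognorm to match the user name but not store it,
# so the name never enters the parsed JSON tree. "app" keeps the application name.
#
#   version=2
#   rule=:The User: %-:word% has logged in to the application %app:word%
#
# --- rsyslog configuration ---
module(load="mmnormalize")

# Rebuild the line from constants plus the parsed field; the user name is
# replaced by a fixed "***" and is never read from the original message.
template(name="anonLogin" type="list") {
    property(name="timereported" dateFormat="rfc3339")
    constant(value=" ")
    property(name="hostname")
    constant(value=" ")
    property(name="syslogtag")
    constant(value=" The User: *** has logged in to the application ")
    property(name="$!app")
    constant(value="\n")
}

# Parse every message against the rulebase; mmnormalize sets $parsesuccess.
action(type="mmnormalize" rulebase="/etc/rsyslog.d/anon-login.rb")

if $parsesuccess == "OK" then {
    # Matched the login line: write only the reassembled, anonymized form.
    action(type="omfile" file="/var/log/app-login-anon.log" template="anonLogin")
    stop
}
# Messages that did not match fall through to the remaining rules unchanged.
# A login line in an unexpected shape (for example a user name containing a
# space, which "word" does not match) would land here with the name intact,
# so check the fall-through output for such lines when testing the rule.
```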