Http server log file anonymizer
cat /var/log/httpd/access_log | ipv6loganon [OPTIONS]
This program anonymizes IPv4/IPv6 addresses in HTTP server log files
Takes data from stdin, proceed it to stdout
Depending on the anonymization method, address parts (prefix/interface identifier) are
simply zeroized by given masks
anonymized by zeroizing only required bits (partially depending on given masks) IID: EUI-48/64: serial number would be zero'ed, keeping OID ISATAP: client IPv4 address would be anonymized by given IPv4 mask TEREDO: client IPv4 address would be anonymized by given IPv4 mask, client port would be zero'ed 6to4(Microsoft): client IPv4 address would be anonymized by given IPv4 mask local: whole IID would be zero'ed (except if privacy extension was detected, then replaced by a special token) Prefix: IPv6 addresses including IPv4 address of client would be anonymized by given IPv4 mask
anonymized by try to keep for IPv4 and IPv6 addresses (keep-type-asn-cc) type of address Autonomous System Number (ASN) Country Code (CC)
This method requires an IPv4/IPv6 to Country Code and ASN resolution, provided by GeoIP
Big advantage: ipv6logstats(8) result should be the same as with raw data
Anonymized IPv4 addresses are from experimental range 240.0.0.0/8 Anonymized IPv6 addresses are using (currently hijacked) prefix a909::/16 Anonymized IPv6 IID is starting with a9x9 (x = anonymized nibbles of SLA)
General options:
[-d|--debug DEBUGVALUE] : debug value (bitwise like) can also be set by IPV6CALC_DEBUG environment value
[-v|--version [-v [-v]]] : version information (2 optional detail levels)
[-v|--version -h] : explanation of feature tokens
<TP [-V|--verbose] : be more verbose
[-h|--help|-?] : this online help
External database options (depending on compiled-in suppport):
[--db-ip2location-disable ] : IP2Location support disabled
[--db-ip2location-dir DIRECTORY] : IP2Location database directory (default: /usr/share/IP2Location)
[--db-geoip-disable ] : GeoIP support disabled
[--db-geoip-dir DIRECTORY] : GeoIP database directory (default: /usr/share/GeoIP)
Input/output options:
[-w|--write] : write output to file instead of stdout
[-a|--append] : append output to file instead of stdout
[-f|--flush] : flush output after each line
[-V|--verbose] : be verbose
Performance options:
[-n|--nocache] : disable caching
[-c|--cachelimit VALUE] : set cache limit
default: 20
maximum: 200
Processing options:
Shortcut for anonymization presets:
--anonymize-standard (default)
--anonymize-careful
--anonymize-paranoid
Supported methods [--anonymize-method METHOD]:
anonymize : reliable anonymization, keep as much type information as possible
zeroize : simple zeroizing according to given masks, probably loose type information
keep-type-asn-cc: special reliable anonymization, keep type & Autonomous System Number and CountryCode
Available presets (shortcut names) [--anonymize-preset PRESET-NAME]:
anonymize-standard (as): mask-ipv6= 56 mask-ipv4=24 mask-eui64=40 mask-mac=24 mask-autoadjust=yes method=anonymize
anonymize-careful (ac): mask-ipv6= 48 mask-ipv4=20 mask-eui64=24 mask-mac=24 mask-autoadjust=yes method=anonymize
anonymize-paranoid (ap): mask-ipv6= 40 mask-ipv4=16 mask-eui64= 0 mask-mac=24 mask-autoadjust=no method=anonymize
zeroize-standard (zs): mask-ipv6= 56 mask-ipv4=24 mask-eui64=40 mask-mac=24 mask-autoadjust=yes method=zeroize
zeroize-careful (zc): mask-ipv6= 48 mask-ipv4=20 mask-eui64=24 mask-mac=24 mask-autoadjust=yes method=zeroize
zeroize-paranoid (zp): mask-ipv6= 40 mask-ipv4=16 mask-eui64= 0 mask-mac=24 mask-autoadjust=no method=zeroize
keep-type-asn-cc (kp): mask-ipv6= 56 mask-ipv4=24 mask-eui64=40 mask-mac=24 mask-autoadjust=yes method=keep-type-asn-cc
Custom control:
--mask-ipv4 BITS : mask IPv4 address [0-32] (even if occurs in IPv6 address)
--mask-ipv6 BITS : mask IPv6 prefix [0-64] (only applied to related address types)
--mask-eui64 BITS : mask EUI-64 address or IPv6 interface identifier [0-64]
--mask-mac BITS : mask MAC address [0-48]
--mask-autoadjust yes|no: autoadjust mask to keep type/vendor information regardless of less given mask
Original lines (stdin):
207.46.98.53 - - [01/Jan/2007:00:01:15 +0100] "GET /Linux+IPv6-HOWTO/x1112.html HTTP/1.0" 200 6162 "-" "msnbot/1.0 (+http://search.msn.com/msnbot.htm)" 253 6334
2002:52b6:6b01:1:216:17ff:fe01:2345 - - [10/Jan/2007:15:04:28 +0100] "GET /favicon.ico HTTP/1.1" 200 4710 "http://www.bieringer.de/linux/IPv6/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9-1.fc6 Firefox/1.5.0.9 pango-text" 413 5005
Modified lines (stdout):
207.46.98.0 - - [01/Jan/2007:00:01:15 +0100] "GET /Linux+IPv6-HOWTO/x1112.html HTTP/1.0" 200 6162 "-" "msnbot/1.0 (+http://search.msn.com/msnbot.htm)" 253 6334
2002:52b6:6b00:0:216:17ff:fe00:0 - - [10/Jan/2007:15:04:28 +0100] "GET /favicon.ico HTTP/1.1" 200 4710 "http://www.bieringer.de/linux/IPv6/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9-1.fc6 Firefox/1.5.0.9 pango-text" 413 5005
Anonymization method: keep-type-asn-cc
echo "1.2.3.4" | ./ipv6loganon --anonymize-preset keep-type-asn-cc
246.24.59.65
echo "2001:a60:1400:1201:221:70ff:fe01:2345" | ./ipv6loganon --anonymize-preset keep-type-asn-cc
a909:16fa:9092:23ff:a909:4291:4022:1708
ipv6calc(8), ipv6logstat(8)
Report bugs to <[email protected]> or to the authors.
Homepage: http://www.deepspace6.net/projects/ipv6calc.html
GPLv2
Peter Bieringer <[email protected]>