.TH "ipv6loganon" "8" "0.99.0" "Peter Bieringer " "system tools" .SH "NAME" ipv6loganon \- HTTP server log file anonymizer .SH "SYNOPSIS" cat /var/log/httpd/access_log | \fBipv6loganon\fR [\fIOPTIONS\fR] .SH "DESCRIPTION" This program anonymizes IPv4/IPv6 addresses in HTTP server log files Takes data from stdin, processes it to stdout. Depending on the anonymization method, address parts (prefix/interface identifier) are 1. simply \fBzeroized\fR by given masks. .PP 2. \fBanonymized\fR by zeroizing only required bits (partially depending on specified masks). .PP 3. anonymized by trying to keep for IPv4 and IPv6 addresses (\fBkeep\-type\-asn\-cc\fR) When zeroing only required bits (mode 2) the possibilities are .TP IID: .RS .TP EUI\-48/64: serial number would be zero'ed, keeping OID ISATAP: client IPv4 address would be anonymized by given IPv4 mask TEREDO: client IPv4 address would be anonymized by given IPv4 mask, client port would be zero'ed .TP 6to4(Microsoft): client IPv4 address would be anonymized by given IPv4 mask .TP local: whole IID would be zero'ed (except if privacy extension was detected, then replaced by a special token) .RE .TP Prefix: IPv6 addresses including IPv4 address of client will be anonymized by the given IPv4 mask .PP When anonymizing with keep (mode 3) the relevant fields are: \fBtype\fR of address, Autonomous System Number (\fBASN\fR), and Country Code (\fBCC\fR) .PP This method requires an IPv4/IPv6 to Country Code and ASN resolution, provided by GeoIP .PP Big advantage: ipv6logstats(8) result should be the same as with raw data .PP Anonymized IPv4 addresses are from experimental range \fB240.0.0.0/8\fR .PP Anonymized IPv6 addresses are using (currently hijacked) prefix \fBa909::/16\fR .PP Anonymized IPv6 IID is starting with \fBa9x9\fR (x = anonymized nibbles of SLA) .SH "OPTIONS" .LP General options: .TP \fB[\-d|\-\-debug \fIDEBUGVALUE\fR\fB]\fR debug value (bitwise like) can also be set by IPV6CALC_DEBUG environment value .TP \fB[\-v|\-\-version [\-v [\-v]]]\fR version information (2 optional detail levels) .TP \fB[\-v|\-\-version \-h]\fR explanation of feature tokens .TP \fB[\-V|\-\-verbose]\fR be more verbose .TP \fB[\-h|\-\-help|\-?]\fR this online help .LP External database options (depending on compiled\-in suppport): .TP \fB[\-\-db\-ip2location\-disable]\fR IP2Location support disabled .TP \fB[\-\-db\-ip2location\-dir\fR \fIDIRECTORY\fR\fB]\fR IP2Location database directory (default: /usr/share/IP2Location) .TP \fB[\-\-db\-geoip\-disable]\fR GeoIP support disabled .TP \fB[\-\-db\-geoip\-dir\fR \fIDIRECTORY\fR\fB]\fR GeoIP database directory (default: /usr/share/GeoIP) .LP Input/output options: .TP \fB[\-w|\-\-write]\fR write output to file instead of stdout .TP \fB[\-a|\-\-append]\fR append output to file instead of stdout .TP \fB[\-f|\-\-flush]\fR flush output after each line .TP \fB[\-V|\-\-verbose]\fR be verbose .PP Performance options: .TP \fB[\-n|\-\-nocache]\fR disable caching .TP \fB[\-c|\-\-cachelimit \fIVALUE\fR\fB]\fR set cache limit. Default: \fB20\fR, maximum: \fB200\fR. .LP Processing options: .LP Shortcut for anonymization presets: .RS .IP \fB\-\-anonymize\-standard\fR (default) .IP \fB\-\-anonymize\-careful\fR .IP \fB\-\-anonymize\-paranoid\fR .RE .LP Supported methods \fB[\-\-anonymize\-method \fIMETHOD\fR\fB]\fR: .TP \fBanonymize\fR reliable anonymization, keep as much type information as possible .TP \fBzeroize\fR simple zeroizing according to given masks, probably loose type information .TP \fBkeep\-type\-asn\-cc\fR special reliable anonymization, keep type & Autonomous System Number and CountryCode. LP Available presets (shortcut names) [\-\-anonymize\-preset \fIPRESET\-NAME\fR]: .TP \fBanonymize\-standard\fR (\fBas\fR): mask\-ipv6= 56 mask\-ipv4=24 mask\-eui64=40 mask\-mac=24 mask\-autoadjust=yes method=anonymize .TP \fBanonymize\-careful\fR (\fBac\fR): mask\-ipv6= 48 mask\-ipv4=20 mask\-eui64=24 mask\-mac=24 mask\-autoadjust=yes method=anonymize .TP \fBanonymize\-paranoid\fR (\fBap\fR): mask\-ipv6= 40 mask\-ipv4=16 mask\-eui64= 0 mask\-mac=24 mask\-autoadjust=no method=anonymize .TP \fBzeroize\-standard\fR (\fBzs\fR): mask\-ipv6= 56 mask\-ipv4=24 mask\-eui64=40 mask\-mac=24 mask\-autoadjust=yes method=zeroize .TP \fBzeroize\-careful\fR (\fBzc\fR): mask\-ipv6= 48 mask\-ipv4=20 mask\-eui64=24 mask\-mac=24 mask\-autoadjust=yes method=zeroize .TP \fBzeroize\-paranoid\fR (\fBzp\fR): mask\-ipv6= 40 mask\-ipv4=16 mask\-eui64= 0 mask\-mac=24 mask\-autoadjust=no method=zeroize .TP \fBkeep\-type\-asn\-cc\fR (\fBkp\fR): mask\-ipv6= 56 mask\-ipv4=24 mask\-eui64=40 mask\-mac=24 mask\-autoadjust=yes method=keep\-type\-asn\-cc .LP Custom control: .TP \fB\-\-mask\-ipv4\fR \fIBITS\fR mask IPv4 address [0\-32] (even if occurs in IPv6 address) .TP \fB\-\-mask\-ipv6\fR \fIBITS\fR mask IPv6 prefix [0\-64] (only applied to related address types) .TP \fB\-\-mask\-eui64\fR \fIBITS\fR mask EUI\-64 address or IPv6 interface identifier [0\-64] .TP \fB\-\-mask\-mac\fR \fIBITS\fR mask MAC address [0\-48] .TP \fB\-\-mask\-autoadjust yes|no\fR autoadjust mask to keep type/vendor information regardless of less given mask .SH "EXAMPLES" Original lines (stdin): .PP 207.46.98.53 \- \- [01/Jan/2007:00:01:15 +0100] "GET /Linux+IPv6\-HOWTO/x1112.html HTTP/1.0" 200 6162 "\-" "msnbot/1.0 (+http://search.msn.com/msnbot.htm)" 253 6334 2002:52b6:6b01:1:216:17ff:fe01:2345 \- \- [10/Jan/2007:15:04:28 +0100] "GET /favicon.ico HTTP/1.1" 200 4710 "http://www.bieringer.de/linux/IPv6/" "Mozilla/5.0 (X11; U; Linux i686; en\-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9\-1.fc6 Firefox/1.5.0.9 pango\-text" 413 5005 .PP Modified lines (stdout): .PP 207.46.98.0 \- \- [01/Jan/2007:00:01:15 +0100] "GET /Linux+IPv6\-HOWTO/x1112.html HTTP/1.0" 200 6162 "\-" "msnbot/1.0 (+http://search.msn.com/msnbot.htm)" 253 6334 2002:52b6:6b00:0:216:17ff:fe00:0 \- \- [10/Jan/2007:15:04:28 +0100] "GET /favicon.ico HTTP/1.1" 200 4710 "http://www.bieringer.de/linux/IPv6/" "Mozilla/5.0 (X11; U; Linux i686; en\-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9\-1.fc6 Firefox/1.5.0.9 pango\-text" 413 5005 .LP Anonymization method: keep\-type\-asn\-cc .PP echo "1.2.3.4" | ./ipv6loganon \-\-anonymize\-preset keep\-type\-asn\-cc 246.24.59.65 .PP echo "2001:a60:1400:1201:221:70ff:fe01:2345" | ./ipv6loganon \-\-anonymize\-preset keep\-type\-asn\-cc a909:16fa:9092:23ff:a909:4291:4022:1708 .SH "SEE ALSO" ipv6calc(8), ipv6logstat(8) .SH "REPORTING BUGS" Report bugs to or to the authors. .PP Homepage: .UR http://www.deepspace6.net/projects/ipv6calc.html http://www.deepspace6.net/projects/ipv6calc.html .UE .SH "LICENSE" GPLv2 .SH "AUTHORS" Peter Bieringer