NAME¶
ipv6loganon - HTTP server log file anonymizer
SYNOPSIS¶
cat /var/log/httpd/access_log |
ipv6loganon [
OPTIONS]
DESCRIPTION¶
This program anonymizes IPv4/IPv6 addresses in HTTP server log files
Takes data from stdin, proceed it to stdout
Depending on the anonymization method, address parts (prefix/interface
identifier) are
-
simply zeroized by given masks
-
anonymized by zeroizing only required bits (partially depending on
given masks)
-
IID:
EUI-48/64: serial number would be zero'ed, keeping OID
ISATAP: client IPv4 address would be anonymized by given IPv4 mask
TEREDO: client IPv4 address would be anonymized by given IPv4 mask, client
port would be zero'ed
6to4(Microsoft): client IPv4 address would be anonymized by given IPv4 mask
local: whole IID would be zero'ed (except if privacy extension was
detected, then replaced by a special token)
Prefix:
IPv6 addresses including IPv4 address of client would be anonymized by
given IPv4 mask
-
anonymized by try to keep for IPv4 and IPv6 addresses (
keep-type-asn-cc)
-
type of address
Autonomous System Number ( ASN)
Country Code ( CC)
This method requires an IPv4/IPv6 to Country Code and ASN resolution,
provided by GeoIP
Big advantage: ipv6logstats(8) result should be the same as with raw data
Anonymized IPv4 addresses are from experimental range 240.0.0.0/8
Anonymized IPv6 addresses are using (currently hijacked) prefix
a909::/16
Anonymized IPv6 IID is starting with a9x9 (x = anonymized nibbles of
SLA)
OPTIONS¶
General options:
- [-d|--debug DEBUGVALUE] : debug value (bitwise like)
can also be set by IPV6CALC_DEBUG environment value
- [-v|--version [-v [-v]]] : version information (2 optional detail
levels)
- [-v|--version -h] : explanation of feature tokens
- <TP [-V|--verbose] : be more verbose
- [-h|--help|-?] : this online help
External database options (depending on compiled-in suppport):
- [--db-ip2location-disable ] : IP2Location support disabled
- [--db-ip2location-dir DIRECTORY] : IP2Location
database directory (default: /usr/share/IP2Location)
- [--db-geoip-disable ] : GeoIP support disabled
- [--db-geoip-dir DIRECTORY] : GeoIP database directory
(default: /usr/share/GeoIP)
Input/output options:
- [-w|--write] : write output to file instead of stdout
- [-a|--append] : append output to file instead of stdout
- [-f|--flush] : flush output after each line
- [-V|--verbose] : be verbose
- Performance options:
- [-n|--nocache] : disable caching
- [-c|--cachelimit VALUE] : set cache limit
-
default: 20
maximum: 200
Processing options:
Shortcut for anonymization presets:
- --anonymize-standard (default)
- --anonymize-careful
- --anonymize-paranoid
Supported methods
[--anonymize-method METHOD]:
- anonymize : reliable anonymization, keep as much type information
as possible
- zeroize : simple zeroizing according to given masks, probably loose
type information
- keep-type-asn-cc: special reliable anonymization, keep type &
Autonomous System Number and CountryCode
Available presets (shortcut names) [--anonymize-preset
PRESET-NAME]:
- anonymize-standard (as): mask-ipv6= 56 mask-ipv4=24
mask-eui64=40 mask-mac=24 mask-autoadjust=yes method=anonymize
-
anonymize-careful (ac): mask-ipv6= 48 mask-ipv4=20
mask-eui64=24 mask-mac=24 mask-autoadjust=yes method=anonymize
anonymize-paranoid (ap): mask-ipv6= 40 mask-ipv4=16
mask-eui64= 0 mask-mac=24 mask-autoadjust=no method=anonymize
zeroize-standard (zs): mask-ipv6= 56 mask-ipv4=24
mask-eui64=40 mask-mac=24 mask-autoadjust=yes method=zeroize
zeroize-careful (zc): mask-ipv6= 48 mask-ipv4=20
mask-eui64=24 mask-mac=24 mask-autoadjust=yes method=zeroize
zeroize-paranoid (zp): mask-ipv6= 40 mask-ipv4=16 mask-eui64=
0 mask-mac=24 mask-autoadjust=no method=zeroize
keep-type-asn-cc (kp): mask-ipv6= 56 mask-ipv4=24
mask-eui64=40 mask-mac=24 mask-autoadjust=yes method=keep-type-asn-cc
Custom control:
- --mask-ipv4 BITS : mask IPv4 address [0-32] (even if occurs
in IPv6 address)
- --mask-ipv6 BITS : mask IPv6 prefix [0-64] (only applied to
related address types)
- --mask-eui64 BITS : mask EUI-64 address or IPv6 interface
identifier [0-64]
- --mask-mac BITS : mask MAC address [0-48]
- --mask-autoadjust yes|no: autoadjust mask to keep type/vendor
information regardless of less given mask
EXAMPLES¶
Original lines (stdin):
207.46.98.53 - - [01/Jan/2007:00:01:15 +0100] "GET
/Linux+IPv6-HOWTO/x1112.html HTTP/1.0" 200 6162 "-"
"msnbot/1.0 (+
http://search.msn.com/msnbot.htm)" 253 6334
2002:52b6:6b01:1:216:17ff:fe01:2345 - - [10/Jan/2007:15:04:28 +0100] "GET
/favicon.ico HTTP/1.1" 200 4710
"
http://www.bieringer.de/linux/IPv6/" "Mozilla/5.0 (X11; U;
Linux i686; en-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9-1.fc6
Firefox/1.5.0.9 pango-text" 413 5005
Modified lines (stdout):
207.46.98.0 - - [01/Jan/2007:00:01:15 +0100] "GET
/Linux+IPv6-HOWTO/x1112.html HTTP/1.0" 200 6162 "-"
"msnbot/1.0 (+
http://search.msn.com/msnbot.htm)" 253 6334
2002:52b6:6b00:0:216:17ff:fe00:0 - - [10/Jan/2007:15:04:28 +0100] "GET
/favicon.ico HTTP/1.1" 200 4710
"
http://www.bieringer.de/linux/IPv6/" "Mozilla/5.0 (X11; U;
Linux i686; en-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9-1.fc6
Firefox/1.5.0.9 pango-text" 413 5005
Anonymization method: keep-type-asn-cc
- echo "1.2.3.4" | ./ipv6loganon --anonymize-preset
keep-type-asn-cc
- 246.24.59.65
- echo "2001:a60:1400:1201:221:70ff:fe01:2345" | ./ipv6loganon
--anonymize-preset keep-type-asn-cc
- a909:16fa:9092:23ff:a909:4291:4022:1708
SEE ALSO¶
ipv6calc(8), ipv6logstat(8)
REPORTING BUGS¶
Report bugs to <ipv6calc@lists.deepspace6.net> or to the authors.
Homepage:
http://www.deepspace6.net/projects/ipv6calc.html
COPYRIGHT¶
GPLv2
AUTHORS¶
Peter Bieringer <pb@bieringer.de>