For GDPR reasons I want to anonymize the IP addresses logged in WildFly's access.log files. How would I go about that? Is there some ready-made solution? Or some easy way to extend the existing logging format? I want to keep the first 3 octets of the IPv4 address.
-
Can you paste a snippet of the configuration? I have not tried it, but you can specify a pattern, something like `pattern="%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""`, or try to extend https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/handlers/accesslog/AccessLogHandler.java and provide your own implementation. – Atul Feb 06 '19 at 21:26
-
You could pass it through [logstash](https://www.elastic.co/products/logstash). Not sure where it would best fit into your pipeline though. – Synchro Feb 07 '19 at 07:08
-
Wouldn't you be better off encrypting the log files? The way I see it, you still need to have those IP addresses to investigate security breaches, no? – TT. Feb 09 '19 at 04:05
-
AFAIK there is a data scarcity requirement and therefore it's likely illegal to conjure up hypothetical reasons to keep personal data around. If someone attacks you, you still have an IP range you can block. Though with IPv6 addresses it seems not too clear where that cut-off should be because many people have personal IP networks... – user1050755 Feb 09 '19 at 09:54
1 Answer
I submitted a related patch to the Undertow project on GitHub. It would introduce a new attribute '%o' - obfuscated IP address, and new pre-defined log patterns - 'combinedobf', 'commonobf', both of which would log %o instead of full host/ip.
It seems to work with WildFly 15.0.1 - I simply replaced the current undertow-core module for now.
https://github.com/undertow-io/undertow/pull/720
UPDATE
The patch is now included in WildFly 16. https://javagc.leponceau.org/2019/03/wildfly-16-now-with-improved-dsgvogdpr.html

user1050755
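For installations that cannot move to WildFly 16, the masking asked for in the question can also be applied as a filter over access-log lines, in the spirit of the logstash comment. This is an added example, not code from the thread or from the Undertow patch; the function names, the /48 IPv6 cut-off and the sample lines are assumptions constructed here.

```python
import ipaddress

# Assumption: keep a /48 for IPv6. The thread notes the right cut-off is unclear.
IPV6_KEEP_BITS = 48
IPV4_KEEP_BITS = 24  # first three octets, as asked in the question


def anonymize_ip(text):
    """Return the address with its host bits zeroed, or None if text is not an IP."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) embeds a full IPv4 address: mask it as IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    keep = IPV4_KEEP_BITS if addr.version == 4 else IPV6_KEEP_BITS
    drop = addr.max_prefixlen - keep
    masked = (int(addr) >> drop) << drop
    return str(type(addr)(masked))


def anonymize_line(line):
    """Mask the leading %h field of a common/combined access-log line."""
    host, sep, rest = line.partition(" ")
    masked = anonymize_ip(host)
    if masked is None:
        return line  # not an IP literal (e.g. a resolved hostname): left unchanged
    return masked + sep + rest


# Constructed sample lines in combined format (documentation address ranges).
SAMPLE_LINES = [
    '203.0.113.77 - - [06/Feb/2019:21:26:00 +0100] "GET / HTTP/1.1" 200 512 "-" "curl/7.61"',
    '2001:db8:abcd:12::1 - alice [06/Feb/2019:21:26:01 +0100] "GET /app HTTP/1.1" 302 0 "-" "-"',
    '::ffff:198.51.100.9 - - [06/Feb/2019:21:26:02 +0100] "POST /login HTTP/1.1" 401 87 "-" "-"',
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(anonymize_line(sample))
```

Only the first field is rewritten, so addresses logged elsewhere in the line (for example a `%{X-Forwarded-For}i` column) need the same treatment.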