Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
ipv6loganon(8)			 system	tools			ipv6loganon(8)

NAME
       ipv6loganon - HTTP server log file anonymizer

SYNOPSIS
       cat /var/log/httpd/access_log | ipv6loganon [OPTIONS]

DESCRIPTION
       This program anonymizes IPv4/IPv6 addresses in HTTP server log files

       Takes data from stdin, processes	it to stdout.

       Depending  on the anonymization method, address parts (prefix/interface
       identifier) are

       1. simply zeroized by given masks.

       2. anonymized by	zeroizing only required	bits (partially	 depending  on
       specified masks).

       3.   anonymized	 by  trying  to	 keep  for  IPv4  and  IPv6  addresses
       (keep-type-asn-cc)

       When zeroing only required bits (mode 2)	the possibilities are

       IID:

	      EUI-48/64:
		     serial number  would  be  zero'ed,	 keeping  OID  ISATAP:
		     client  IPv4  address  would  be anonymized by given IPv4
		     mask TEREDO: client IPv4 address would be	anonymized  by
		     given IPv4	mask, client port would	be zero'ed

	      6to4(Microsoft):
		     client  IPv4  address  would  be anonymized by given IPv4
		     mask

	      local: whole IID would be	zero'ed	(except	if  privacy  extension
		     was detected, then	replaced by a special token)

       Prefix:
	      IPv6   addresses	including  IPv4	 address  of  client  will  be
	      anonymized by the	given IPv4 mask

       When anonymizing	with keep (mode	3) the relevant	fields	are:  type  of
       address,	Autonomous System Number (ASN),	and Country Code (CC)

       This  method  requires an IPv4/IPv6 to Country Code and ASN resolution,
       provided	by GeoIP

       Big advantage: ipv6logstats(8) result should be the same	 as  with  raw
       data

       Anonymized IPv4 addresses are from experimental range 240.0.0.0/8

       Anonymized   IPv6  addresses  are  using	 (currently  hijacked)	prefix
       a909::/16

       Anonymized IPv6 IID is starting with a9x9 (x =  anonymized  nibbles  of
       SLA)

OPTIONS
       General options:

       [-d|--debug DEBUGVALUE]
	      debug value (bitwise like) can also be set by IPV6CALC_DEBUG en-
	      vironment	value

       [-v|--version [-v [-v]]]
	      version information (2 optional detail levels)

       [-v|--version -h]
	      explanation of feature tokens

       [-V|--verbose]
	      be more verbose

       [-h|--help|-?]
	      this online help

       External	database options (depending on compiled-in suppport):

       [--db-ip2location-disable]
	      IP2Location support disabled

       [--db-ip2location-dir DIRECTORY]
	      IP2Location database directory (default: /usr/share/IP2Location)

       [--db-geoip-disable]
	      GeoIP support disabled

       [--db-geoip-dir DIRECTORY]
	      GeoIP database directory (default: /usr/share/GeoIP)

       Input/output options:

       [-w|--write]
	      write output to file instead of stdout

       [-a|--append]
	      append output to file instead of stdout

       [-f|--flush]
	      flush output after each line

       [-V|--verbose]
	      be verbose

       Performance options:

       [-n|--nocache]
	      disable caching

       [-c|--cachelimit	VALUE]
	      set cache	limit. Default:	20, maximum: 200.

       Processing options:

       Shortcut	for anonymization presets:

		     --anonymize-standard (default)

		     --anonymize-careful

		     --anonymize-paranoid

       Supported methods [--anonymize-method METHOD]:

       anonymize
	      reliable anonymization, keep as much type	information as	possi-
	      ble

       zeroize
	      simple  zeroizing	 according to given masks, probably loose type
	      information

       keep-type-asn-cc	special	reliable anonymization,	keep type &
	      Autonomous System	Number and CountryCode.	 LP Available  presets
	      (shortcut	names) [--anonymize-preset PRESET-NAME]:

       anonymize-standard (as):
	      mask-ipv6=  56  mask-ipv4=24  mask-eui64=40 mask-mac=24 mask-au-
	      toadjust=yes method=anonymize

       anonymize-careful (ac):
	      mask-ipv6= 48 mask-ipv4=20  mask-eui64=24	 mask-mac=24  mask-au-
	      toadjust=yes method=anonymize

       anonymize-paranoid (ap):
	      mask-ipv6=  40  mask-ipv4=16  mask-eui64=	0 mask-mac=24 mask-au-
	      toadjust=no method=anonymize

       zeroize-standard	(zs):
	      mask-ipv6= 56 mask-ipv4=24  mask-eui64=40	 mask-mac=24  mask-au-
	      toadjust=yes method=zeroize

       zeroize-careful (zc):
	      mask-ipv6=  48  mask-ipv4=20  mask-eui64=24 mask-mac=24 mask-au-
	      toadjust=yes method=zeroize

       zeroize-paranoid	(zp):
	      mask-ipv6= 40 mask-ipv4=16 mask-eui64=  0	 mask-mac=24  mask-au-
	      toadjust=no method=zeroize

       keep-type-asn-cc	(kp):
	      mask-ipv6=  56  mask-ipv4=24  mask-eui64=40 mask-mac=24 mask-au-
	      toadjust=yes method=keep-type-asn-cc

       Custom control:

       --mask-ipv4  BITS
	      mask IPv4	address	[0-32] (even if	occurs in IPv6 address)

       --mask-ipv6  BITS
	      mask IPv6	prefix [0-64] (only applied to related address types)

       --mask-eui64 BITS
	      mask EUI-64 address or IPv6 interface identifier [0-64]

       --mask-mac   BITS
	      mask MAC address [0-48]

       --mask-autoadjust yes|no
	      autoadjust mask to keep type/vendor  information	regardless  of
	      less given mask

EXAMPLES
       Original	lines (stdin):

       207.46.98.53	 -     -     [01/Jan/2007:00:01:15     +0100]	  "GET
       /Linux+IPv6-HOWTO/x1112.html  HTTP/1.0"	200   6162   "-"   "msnbot/1.0
       (+http://search.msn.com/msnbot.htm)" 253	6334

       2002:52b6:6b01:1:216:17ff:fe01:2345  -  -  [10/Jan/2007:15:04:28	+0100]
       "GET	    /favicon.ico	  HTTP/1.1"	     200	  4710
       "http://www.bieringer.de/linux/IPv6/" "Mozilla/5.0 (X11;	U; Linux i686;
       en-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9-1.fc6  Firefox/1.5.0.9
       pango-text" 413 5005

       Modified	lines (stdout):

       207.46.98.0	-      -     [01/Jan/2007:00:01:15     +0100]	  "GET
       /Linux+IPv6-HOWTO/x1112.html  HTTP/1.0"	200   6162   "-"   "msnbot/1.0
       (+http://search.msn.com/msnbot.htm)" 253	6334

       2002:52b6:6b00:0:216:17ff:fe00:0	 - - [10/Jan/2007:15:04:28 +0100] "GET
       /favicon.ico HTTP/1.1" 200  4710	 "http://www.bieringer.de/linux/IPv6/"
       "Mozilla/5.0 (X11; U; Linux i686; en-US;	rv:1.8.0.9) Gecko/20061219 Fe-
       dora/1.5.0.9-1.fc6 Firefox/1.5.0.9 pango-text" 413 5005

       Anonymization method: keep-type-asn-cc

       echo  "1.2.3.4"	|  ./ipv6loganon  --anonymize-preset  keep-type-asn-cc
       246.24.59.65

       echo	"2001:a60:1400:1201:221:70ff:fe01:2345"	    |	 ./ipv6loganon
       --anonymize-preset				      keep-type-asn-cc
       a909:16fa:9092:23ff:a909:4291:4022:1708

SEE ALSO
       ipv6calc(8), ipv6logstat(8)

REPORTING BUGS
       Report bugs via GitHub:
	https://github.com/pbiering/ipv6calc/issues
       <https://github.com/pbiering/ipv6calc/issues>

       Homepage:	      http://www.deepspace6.net/projects/ipv6calc.html
       <http://www.deepspace6.net/projects/ipv6calc.html>

LICENSE
       GPLv2

AUTHORS
       Peter Bieringer <pb@bieringer.de>

Peter Bieringer	<pb@bieringer.de>    2.0.0			ipv6loganon(8)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | SEE ALSO | REPORTING BUGS | LICENSE | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ipv6loganon&sektion=8&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help