1ipv6loganon(8) system tools ipv6loganon(8)
2
6 ipv6loganon - HTTP server log file anonymizer
7
9 cat /var/log/httpd/access_log | ipv6loganon [OPTIONS]
10
12 This program anonymizes IPv4/IPv6 addresses in HTTP server log files
13 Takes data from stdin, processes it to stdout.
15 Depending on the anonymization method, address parts (prefix/interface
17 identifier) are
18 1. simply zeroized by given masks.
20 2. anonymized by zeroizing only required bits (partially depending on
22 specified masks).
23 3. anonymized by trying to keep for IPv4 and IPv6 addresses
25 (keep-type-asn-cc)
26 When zeroing only required bits (mode 2) the possibilities are
28 IID:
31 EUI-48/64:
33 serial number would be zero'ed, keeping OID ISATAP:
34 client IPv4 address would be anonymized by given IPv4
35 mask TEREDO: client IPv4 address would be anonymized by
36 given IPv4 mask, client port would be zero'ed
37 6to4(Microsoft):
39 client IPv4 address would be anonymized by given IPv4
40 mask
41 local: whole IID would be zero'ed (except if privacy extension
43 was detected, then replaced by a special token)
44 Prefix:
46 IPv6 addresses including IPv4 address of client will be
47 anonymized by the given IPv4 mask
48 When anonymizing with keep (mode 3) the relevant fields are: type of
51 address, Autonomous System Number (ASN), and Country Code (CC)
52 This method requires an IPv4/IPv6 to Country Code and ASN resolution,
54 provided by GeoIP
55 Big advantage: ipv6logstats(8) result should be the same as with raw
57 data
58 Anonymized IPv4 addresses are from experimental range 240.0.0.0/8
60 Anonymized IPv6 addresses are using (currently hijacked) prefix
62 a909::/16
63 Anonymized IPv6 IID is starting with a9x9 (x = anonymized nibbles of
65 SLA)
66
68 General options:
69 [-d|--debug DEBUGVALUE]
71 debug value (bitwise like) can also be set by IPV6CALC_DEBUG
72 environment value
73 [-v|--version [-v [-v]]]
75 version information (2 optional detail levels)
76 [-v|--version -h]
78 explanation of feature tokens
79 [-V|--verbose]
81 be more verbose
82 [-h|--help|-?]
84 this online help
85 External database options (depending on compiled-in suppport):
87 [--db-ip2location-disable]
89 IP2Location support disabled
90 [--db-ip2location-dir DIRECTORY]
92 IP2Location database directory (default: /usr/share/IP2Location)
93 [--db-geoip-disable]
95 GeoIP support disabled
96 [--db-geoip-dir DIRECTORY]
98 GeoIP database directory (default: /usr/share/GeoIP)
99 Input/output options:
101 [-w|--write]
103 write output to file instead of stdout
104 [-a|--append]
106 append output to file instead of stdout
107 [-f|--flush]
109 flush output after each line
110 [-V|--verbose]
112 be verbose
113 Performance options:
115 [-n|--nocache]
117 disable caching
118 [-c|--cachelimit VALUE]
120 set cache limit. Default: 20, maximum: 200.
121 Processing options:
123 Shortcut for anonymization presets:
125 --anonymize-standard (default)
127 --anonymize-careful
129 --anonymize-paranoid
131 Supported methods [--anonymize-method METHOD]:
133 anonymize
135 reliable anonymization, keep as much type information as possi‐
136 ble
137 zeroize
139 simple zeroizing according to given masks, probably loose type
140 information
141 keep-type-asn-cc special reliable anonymization, keep type &
143 Autonomous System Number and CountryCode. LP Available presets
144 (shortcut names) [--anonymize-preset PRESET-NAME]:
145 anonymize-standard (as):
147 mask-ipv6= 56 mask-ipv4=24 mask-eui64=40 mask-mac=24
148 mask-autoadjust=yes method=anonymize
149 anonymize-careful (ac):
151 mask-ipv6= 48 mask-ipv4=20 mask-eui64=24 mask-mac=24
152 mask-autoadjust=yes method=anonymize
153 anonymize-paranoid (ap):
155 mask-ipv6= 40 mask-ipv4=16 mask-eui64= 0 mask-mac=24
156 mask-autoadjust=no method=anonymize
157 zeroize-standard (zs):
159 mask-ipv6= 56 mask-ipv4=24 mask-eui64=40 mask-mac=24
160 mask-autoadjust=yes method=zeroize
161 zeroize-careful (zc):
163 mask-ipv6= 48 mask-ipv4=20 mask-eui64=24 mask-mac=24
164 mask-autoadjust=yes method=zeroize
165 zeroize-paranoid (zp):
167 mask-ipv6= 40 mask-ipv4=16 mask-eui64= 0 mask-mac=24
168 mask-autoadjust=no method=zeroize
169 keep-type-asn-cc (kp):
171 mask-ipv6= 56 mask-ipv4=24 mask-eui64=40 mask-mac=24
172 mask-autoadjust=yes method=keep-type-asn-cc
173 Custom control:
175 --mask-ipv4 BITS
177 mask IPv4 address [0-32] (even if occurs in IPv6 address)
178 --mask-ipv6 BITS
180 mask IPv6 prefix [0-64] (only applied to related address types)
181 --mask-eui64 BITS
183 mask EUI-64 address or IPv6 interface identifier [0-64]
184 --mask-mac BITS
186 mask MAC address [0-48]
187 --mask-autoadjust yes|no
189 autoadjust mask to keep type/vendor information regardless of
190 less given mask
191
193 Original lines (stdin):
194 207.46.98.53 - - [01/Jan/2007:00:01:15 +0100] "GET
196 /Linux+IPv6-HOWTO/x1112.html HTTP/1.0" 200 6162 "-" "msnbot/1.0
197 (+http://search.msn.com/msnbot.htm)" 253 6334
198 2002:52b6:6b01:1:216:17ff:fe01:2345 - - [10/Jan/2007:15:04:28 +0100]
200 "GET /favicon.ico HTTP/1.1" 200 4710
201 "http://www.bieringer.de/linux/IPv6/" "Mozilla/5.0 (X11; U; Linux i686;
202 en-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9-1.fc6 Firefox/1.5.0.9
203 pango-text" 413 5005
204 Modified lines (stdout):
206 207.46.98.0 - - [01/Jan/2007:00:01:15 +0100] "GET
208 /Linux+IPv6-HOWTO/x1112.html HTTP/1.0" 200 6162 "-" "msnbot/1.0
209 (+http://search.msn.com/msnbot.htm)" 253 6334
210 2002:52b6:6b00:0:216:17ff:fe00:0 - - [10/Jan/2007:15:04:28 +0100] "GET
212 /favicon.ico HTTP/1.1" 200 4710 "http://www.bieringer.de/linux/IPv6/"
213 "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061219
214 Fedora/1.5.0.9-1.fc6 Firefox/1.5.0.9 pango-text" 413 5005
215 Anonymization method: keep-type-asn-cc
219 echo "1.2.3.4" | ./ipv6loganon --anonymize-preset keep-type-asn-cc
221 246.24.59.65
222 echo "2001:a60:1400:1201:221:70ff:fe01:2345" | ./ipv6loganon
224 --anonymize-preset keep-type-asn-cc
225 a909:16fa:9092:23ff:a909:4291:4022:1708
226
228 ipv6calc(8), ipv6logstat(8)
229
231 Report bugs via GitHub:
232 https://github.com/pbiering/ipv6calc/issues
233 ⟨https://github.com/pbiering/ipv6calc/issues⟩
234 Homepage: http://www.deepspace6.net/projects/ipv6calc.html
236 ⟨http://www.deepspace6.net/projects/ipv6calc.html⟩
237
239 GPLv2
240
242 Peter Bieringer <pb@bieringer.de>
243Peter Bieringer <pb@bieringer.de> 2.0.0 ipv6loganon(8)