File: ch03s05.html

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Sending Anonymized Log Files To A Responder</title><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="Lire User's Manual"><link rel="up" href="ch03.html" title="Chapter 3. Running Lire"><link rel="prev" href="ch03s04.html" title="Merging Reports"><link rel="next" href="ch03s06.html" title="Running Lire In A Server Cluster"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Sending Anonymized Log Files To A Responder</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch03s04.html">Prev</a></td><th width="60%" align="center">Chapter 3. Running <span class="application">Lire</span></th><td width="20%" align="right"><a accesskey="n" href="ch03s06.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sect:sending-anonymized-log"></a>Sending Anonymized Log Files To A Responder</h2></div></div></div><p>For more privacy, you can anonymize your log somewhat
	  before sending it to a responder. <span class="application">Lire</span> includes a command
	  called <span class="command"><strong>lr_anonymize</strong></span> which will transform
	  everything that looks like an IP address, an email or a
	  domain name into an anonymized form
	  (<code class="systemitem">10.0.0.1</code>,
	  <code class="systemitem">2.0.0.10.in-addr.arpa</code>,
	  <code class="systemitem">11.example.com</code>,
	  <code class="email">&lt;<a class="email" href="mailto:john.doe@2.example.com">john.doe@2.example.com</a>&gt;</code>, etc.) The mapping
	  between the real value and its anonymized form is saved in a disk
	  database so that you can reverse the process when you
	  receive the report from the responder.
        </p><p>The procedure is quite simple: you just have to filter
	  your log file through <span class="command"><strong>lr_anonymize</strong></span> and
	  make sure that the subject of your email starts with
	  <code class="constant">anon</code>.
	</p><div class="example"><a name="id2573110"></a><p class="title"><b>Example 3.5. Sending An Anonymized Postfix Log File To A Responder</b></p><div class="example-contents"><p>To send an anonymized postfix log file to the
	    Stichting LogReport Foundation responder, you would use a command like:
	  </p><pre class="screen">
<code class="prompt">$ </code> grep ' postfix/' /var/log/mail.log | \
    lr_run lr_anonymize /tmp/anon | \
    mail -s "anon Daily Report" log@postfix.logreport.org
	  </pre><p>The <code class="filename">/tmp/anon</code> is the database
	    that is used to save the mapping between the real and
	    anonymized values.
	  </p></div></div><br class="example-break"><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p><span class="command"><strong>lr_anonymize</strong></span> will overwrite the
	    content of that database, so if you reuse the database,
	    make sure that you don't have two concurrent requests to a
	    responder because you will lose the first mappings!
	  </p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2573161"></a>Processing The Responder's Results</h3></div></div></div><p>The responder will generate a report in an XML format
	    specific to <span class="application">Lire</span>. To obtain a "normal" report from this,
	    you first deanonymize it, then run the appropriate converter
	    on the deanonymized report. You use the
	    <span class="command"><strong>lr_xml2report</strong></span> command to convert an XML
	    report to one of the available output formats. 
	  </p><p>You can list the output-formats available on your
            system by running <strong class="userinput"><code>lr_xml2report --help
              output-formats</code></strong>.
          </p><div class="example"><a name="id2573197"></a><p class="title"><b>Example 3.6. Deanonymizing and Generating An HTML Report</b></p><div class="example-contents"><p>To generate an HTML report from the XML report you
	      received from the responder, you would use the following command:
	    </p><pre class="screen">
<code class="prompt">$ </code> lr_run lr_deanonymize /tmp/anon &lt; /tmp/anon-report.xml &gt; /tmp/report.xml
<code class="prompt">$ </code> lr_xml2report --output html /tmp/report.xml /tmp/report.html
	    </pre></div></div><br class="example-break"></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch03s04.html">Prev</a></td><td width="20%" align="center"><a accesskey="u" href="ch03.html">Up</a></td><td width="40%" align="right"><a accesskey="n" href="ch03s06.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Merging Reports</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">Running <span class="application">Lire</span> In A Server Cluster</td></tr></table></div></body></html>
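
The warning above implies one mapping database per in-flight request, and that database is what re-identifies the anonymized values. The following sketch is an added example, not part of the Lire manual or of Lire itself: it gives each request its own owner-only directory instead of a shared /tmp/anon. ANON_HOME and the three function names are assumptions; the lr_* invocations are the ones shown in Examples 3.5 and 3.6.

```shell
#!/bin/sh
# Added example: one private mapping database per responder request.
# ANON_HOME and the function names are assumptions made for this sketch.
ANON_HOME="${ANON_HOME:-$HOME/.lire-anon}"

# Create a fresh, owner-only directory for one request and print the
# database path inside it. A unique directory per request means a second
# lr_anonymize run cannot overwrite the mappings of a pending request.
new_anon_db() {
    (
        umask 077
        mkdir -p "$ANON_HOME" || exit 1
        dir=$(mktemp -d "$ANON_HOME/req.XXXXXX") || exit 1
        printf '%s/anon\n' "$dir"
    )
}

# Anonymize the postfix lines of a log and mail them to a responder.
# usage: send_anonymized LOGFILE RESPONDER_ADDRESS
send_anonymized() {
    log=$1 responder=$2
    db=$(new_anon_db) || return 1
    # umask 077: files created for the database default to owner-only.
    ( umask 077
      grep ' postfix/' "$log" | lr_run lr_anonymize "$db" ) |
        mail -s "anon Daily Report" "$responder" || return 1
    # Record this path: it is needed to deanonymize the returned report.
    printf '%s\n' "$db"
}

# Deanonymize a returned XML report with the database of its request,
# render it as HTML, then delete the mapping once it is no longer needed.
# usage: finish_request DB ANON_REPORT_XML OUT_HTML
finish_request() {
    db=$1 anon_xml=$2 out_html=$3
    xml="${out_html%.html}.xml"
    lr_run lr_deanonymize "$db" < "$anon_xml" > "$xml" || return 1
    lr_xml2report --output html "$xml" "$out_html" || return 1
    # Only remove directories this script created under ANON_HOME.
    case $db in
        "$ANON_HOME"/req.*/anon) rm -rf "${db%/anon}" ;;
    esac
}
```

send_anonymized prints the database path of the request; pass that same path to finish_request when the responder's report arrives.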