alog 0.10.0

Anonymize 'Combined Log Format' data
Documentation

alog

Crates.io Documentation

alog is a simple log file anonymizer.

About

In fact by default alog just replaces the first word on every line of any input stream with a customizable string.

So "log file anonymizer" might be a bit of an overstatement, but alog can be used to (very efficiently) replace the $remote_addr part in many access log formats, e.g. Nginx' default combined log format:

log_format combined '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';

By default any parseable $remote_addr is replaced by it's localhost representation,

  • any valid IPv4 address is replaced by 127.0.0.1,
  • any valid IPv6 address is replaced by ::1 and
  • any String (what might be a domain name) with localhost.

Lines without a $remote_addr part will remain unchanged (but can be skipped).

Changes

With version 0.10

  • The minimal supported Rust version (MSRV) is now 1.80.0.

With version 0.9

  • The Config:thorough option was added to replace every occurrence of $remote_addr in each line.

With version 0.7

  • All ASCII whitespace characters are removed from the beginning of each line by default.
  • The run() and run_raw() functions will now return a Result instead of exiting on failure.

With version 0.6

  • You can (at a substantial cost of CPU cycles) replace the $remote_user with '-' as well and
  • by default any leading Spaces or Tabs will be removed from every line before replacing any $remote_addr.

Building alog

With version 0.3 [features] where added, so that the library crate won't pull unneeded dependencies anymore.

Commandline Tool

To build the alog command line tool you now have to explicitly add --features.

cargo build --features alog-cli

or

cargo build --all-features

Usage

Commandline tool

Run cli-tool with --help.

./target/release/alog --help

Library

Calling run()

fn main() {
    let mut io_conf = alog::IOConfig::default();
    let mut conf = alog::Config::default();

    io_conf.push_input("/tmp/test.log");
    conf.set_ipv4_value("0.0.0.0");

    if let Err(e) = alog::run(&conf, &io_conf) {
        eprintln!("{}", e);
    }

}

or run_raw()

use std::io::Cursor;

fn main() {
    let mut buffer = vec![];

    if let Err(e) = alog::run_raw(
        &alog::Config {
            ipv4: "XXX",
            ..Default::default()
        },
        Cursor::new(b"8.8.8.8 test line"),
        &mut buffer,
    ) {
        eprintln!("{}", e);
    }

    assert_eq!(buffer, b"XXX test line");
}

About Config::authuser

Starting with version 0.6, alog can replace the $remote_user field with a hyphen (-). This feature works with normal Common/Combined log files, but there are a few quirks to be aware of.

  • If you set Config::trim to false and process malformed logs, the parser slows down considerably, and the $remote_user field won’t be removed at all unless a $time_local field is present.

  • The $time_local field must begin with [ followed by a decimal timestamp, e.g. [10/Oct/2000:13:55:36 -0700].

  • An optimization is applied to improve performance on real‑world logs. Because of this, any $remote_user that starts with - [ is left unchanged. For example, in

    8.8.8.8 - - [frank] [10/Oct/2000:13:55:36 -0700] GET /apache_pb.gif HTTP/1.0 200 2326

    the string “frank” remains “frank”. You can disable this optimization.

Project status

alog began as a simple replacement for a sub‑10‑line Perl script that ran on an old backup server—nothing fancy, but it gave me a chance to learn the basics of Rust and crates.io.

As of version 0.6, alog is feature‑complete. It doesn’t have a lot of functionality, but it performs what it does reliably. In the future I may reuse this crate to implement proper data anonymization, but for now that’s where it stands.

I’ll continue to fix bugs when (and if) I encounter them, so the project is now passively maintained.