Sanitize the contents of a server log file in order to remove potentially sensitive information while still attempting to retain enough information to make it useful for diagnosing problems or understanding load patterns. The sanitization process operates on fields that consist of name-value pairs. The field name will always be preserved, but field values may be tokenized or redacted if they may include sensitive information. Supported log file types include the file-based access, error, sync, and resync logs, as well as the operation timing access log and the detailed HTTP operation log. The audit log can be sanitized using the scramble-ldif tool.
sanitize-log --inputFile logs/access --outputFile logs/access.sanitized \
     --preserveComments
sanitize-log --inputFile logs/access --outputFile logs/access.sanitized \
     --displayUnparseableLines --tokenizeField pipe --redactField instanceName
Description | Display Identity Broker version information |
Description | Display general usage information |
Description | Display help for using debug options |
Advanced | Yes |
-i {path}
--inputFile {path}
Description | The path to the log file containing the data to be sanitized |
Required | Yes |
Multi-Valued | No |
-o {path}
--outputFile {path}
Description | The path to the log file to which the sanitized log data should be written. If this is not specified, then the output file will use the same name as the input file, but with a '.sanitized' extension |
Required | No |
Multi-Valued | No |
-p {name}
--preserveField {name}
Description | The name of a log field whose value should be preserved without alteration. The default set of fields to preserve is: authFailureID, authorizationType, assuranceTimeoutMillis, attr, attrs, attrsReturned, authType, category, changeToSoftDeletedEntry, cipher, class, clientConnectionPolicy, conn, deleteOldRDN, deref, entriesAddedToTarget, entriesDeletedFromSource, entriesReadFromSource, entriesReturned, etime, idToAbandon, localAssuranceLevel, localAssuranceSatisfied, method, mostExpensiveAggregatePhase, mostExpensiveAggregatePhaseTimeMicros, mostExpensivePhase, mostExpensivePhaseTimeMicros, msgID, oid, op, opID, origin, phaseTimesMicros, pipe, product, protocol, qtime, rebalancingOp, remoteAssuranceLevel, remoteAssuranceSatisfied, replicationChangeID, requestContentLength, requestContentType, requestControls, requestCookieName, requestHeaderName, requestID, requestOID, requestParameterName, requestType, responseContentLength, responseContentType, responseControls, responseCookieName, responseDelayedByAssurance, responseHeaderName, responseOID, responseType, resultCode, retiredPasswordUsed, saslMechanism, scope, severity, sizeLimit, sourceAltered, startupID, statusCode, syncClass, threadID, targetAltered, targetProtocol, timeLimit, triggeredByConn, triggeredByOp, typesOnly, uncachedDataAccessed, unindexed, usingAdminSessionWorkerThread, version |
Required | No |
Multi-Valued | Yes |
-t {name}
--tokenizeField {name}
Description | The name of a log field whose value should be tokenized. If the value of the specified field appears to be a DN or filter, then the attribute names will be preserved and only the values will be tokenized. If the value of the field does not appear to be a DN or filter, then the entire value will be tokenized. The default set of fields to tokenize is: authDN, authzDN, autoAuthenticatedAs, base, dn, filter, from, instanceName, matchedDN, newRDN, newSuperior, redirectURI, requesterDN, requesterIP, softDeleteEntryDN, sourceBackendSet, sourceServer, targetBackendSet, targetHost, targetPort, targetServer, to, undeleteFromDN, url |
Required | No |
Multi-Valued | Yes |
-r {name}
--redactField {name}
Description | The name of a log field whose value should be redacted. Any field not configured to be preserved or tokenized will be redacted |
Required | No |
Multi-Valued | Yes |
Description | Indicates that comment lines (i.e., any line beginning with the '#' character) and blank lines should be included in the sanitized output. If comment lines are to be included, then they will not be altered |
Description | Display a message for each line contained in the log file that cannot be parsed as a valid log message |
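The preserve, tokenize and redact rules described above can be modelled as follows. This is an added illustration, not the sanitize-log implementation: the token format, the `{REDACTED}` marker, the `message` field and the sample log line are constructed assumptions, and the DN and filter handling is simplified (no escaped commas or multi-valued RDNs).

```python
import hashlib, hmac, os, re

# Constructed subsets of the default preserve/tokenize lists documented above.
PRESERVE = {"conn", "op", "msgID", "scope", "resultCode", "etime", "entriesReturned"}
TOKENIZE = {"base", "dn", "filter", "authDN", "requesterIP"}
REDACTED = "{REDACTED}"   # assumed placeholder, not the tool's real marker
SALT = os.urandom(16)     # per-run key, so tokens cannot be reversed by hashing guesses

FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')    # name=value or name="value"
RDN_RE = re.compile(r'([A-Za-z][\w.-]*)=(.+)')              # attr=value
FILTER_RE = re.compile(r'([\w;-]+)(=|~=|>=|<=)([^()]+)')    # attr<op>value inside (...)

def token(value):
    # Assumption: equal inputs give equal tokens, so sanitized lines stay correlatable.
    mac = hmac.new(SALT, value.encode(), hashlib.sha256).hexdigest()
    return "tok-" + mac[:12]

def sanitize_value(name, value):
    if name in PRESERVE:
        return value
    if name not in TOKENIZE:
        return REDACTED                      # default for every unlisted field
    if value.startswith("("):                # looks like a filter: keep attribute names
        return FILTER_RE.sub(lambda m: m[1] + m[2] + token(m[3]), value)
    rdns = [RDN_RE.fullmatch(p.strip()) for p in value.split(",")]
    if all(rdns):                            # looks like a DN: keep attribute names
        return ",".join(f"{m[1]}={token(m[2])}" for m in rdns)
    return token(value)                      # anything else: tokenize the whole value

def sanitize_line(line):
    def repl(m):
        name, raw = m[1], m[2]
        quoted = raw.startswith('"')
        out = sanitize_value(name, raw[1:-1] if quoted else raw)
        return f'{name}="{out}"' if quoted else f"{name}={out}"
    return FIELD_RE.sub(repl, line)          # the field name is always kept

# Constructed sample line; "message" is a made-up field that is in neither list.
SAMPLE = ('[21/Oct/2024:10:15:32 -0500] SEARCH RESULT conn=5 op=2 msgID=3 '
          'requesterIP="192.0.2.10" base="ou=People,dc=example,dc=com" scope=2 '
          'filter="(&(uid=jdoe)(objectClass=person))" resultCode=0 etime=1.234 '
          'entriesReturned=1 message="lookup for jdoe"')

if __name__ == "__main__":
    print(sanitize_line(SAMPLE))
```

Because a field that is in neither list falls through to redaction, adding a new log field can only lose diagnostic detail, never leak a value.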