Graylog Labs Article - Redacting Message Fields for Privacy Purposes

Hey everyone!

I’m Jim Dawson, a Solutions Engineer here at Graylog. I work with a lot of customers who have privacy concerns regarding their logs, for instance, users in Germany who fall under BDSG want anonymisation or pseudo-anonymisation of their logs to protect their employees. I wrote the article linked below to address a common question that comes up around this topic, it’s also a good primer on using Processing Pipelines.

If you have any questions or any requests for content on similar topics, please let me know. Hope you all enjoy!


Thanks for your article.
I am “affected” by the privacy law in germany :wink:

The OpenVPN login names in my company must be pseudonymised.
I chose an simple way. A fixed number (a salt) is appended to each OpenVPN user name field.

rule "Pseudonymization of OpenVPN User Name"
  let login_user = to_string($message.OVPN_LoginUser);
  let hash = sha1(login_user + "<SALT>");
  set_field("OVPN_LoginUser", hash + "_hash");
  set_field("message", "*OVPN_Privacy*");
 ..... for more privacy, remove additional fields if necessary .....