Proper way to sanitize passwords

Hello.
I proceed Nginx access log which also contain authentication requests with passwords.
What’s the most efficient/recommended way to wipe out passwords in such logs?

use processing pipelines to either delete the field or mask that field

Question:
Why do you have passwords in your logfiles?
Wouldn´t it be better to edit the file before sending it to your graylog? :slight_smile:

Answer:
I don’t have passwords in my logfiles :upside_down_face:
Nginx sends data directly to Graylog, there is no any intermediate file.
“Nginx access log” here stands for access_log directive

1 Like

Aaah ^^

I thought you would have a “nginx access log(-file)” which contains requests with passwords :smiley:

@jan, if I understand your reply properly I’m expected to parse password to some field first.
Is there some kind common replace function(unfortunately I couldn’t find such in the documentation)? Is it possible just to apply it to full message?
Probably I misunderstand this suggestion and need to do it in another way.
Would you mind to share more details?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.