Hi,
I have a n conundrum on how to write a pipeline rule to omit password from log.
Log line looks something like this:
Mar 19 12:28:36 localhost haproxy[56341]: 77.243.30.178:12273 [19/Mar/2019:12:28:36.317] api.example.com http-api/BACKEND-1 0/0/1/12/13 200 183 - - ---- 709/707/2/1/0 0/0 {||api.example.com} {189299} "GET /api/command?user=someUser&password=myPassWord&cmd=SOMETHING HTTP/1.1" - -
And I want to change it to look something like this:
Mar 19 12:28:36 localhost haproxy[56341]: 77.243.30.178:12273 [19/Mar/2019:12:28:36.317] api.example.com http-api/BACKEND-1 0/0/1/12/13 200 183 - - ---- 709/707/2/1/0 0/0 {||api.example.com} {189299} "GET /api/command?user=someUser&password=*****&cmd=SOMETHING HTTP/1.1" - -
So omitting password is the goal.
My progress so far is that I’ve created a regext that matches password and incorporated it in a rule.
rule "omit passwords"
when
regex("(?<=password=)[^&]+").matches == true
then
end
I’ve connected it to All messages stream. but not all massages will have password part and will not match, and it seems they get unprocessed with all my attempts at configuring “then”.
Prior to pieline, I’ve configured Haproxy extractor and that works fine. So fields that need edit are “http_request” and “message”.
Tnx in advance.