-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfluent.conf
168 lines (143 loc) · 4.46 KB
/
fluent.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
# Receive events from 24224/tcp
# This is used by log forwarding and the fluent-cat command
<source>
type forward
port 24224
bind 0.0.0.0
</source>
# Non PCI Data element infotypes inspired by GoogleDLP docs
# https://cloud.google.com/dlp/docs/infotypes-reference
### BEGIN PCI Section
# An attempt to provide filters for these PAN Formats
# https://www.paypalobjects.com/en_AU/vhelp/paypalmanager_help/credit_card_numbers.htm
# //TODO add a Luhn check http://stackoverflow.com/questions/20740444/check-credit-card-validity-using-luhn-algorithm
# Mastercard
<filter *>
@type record_transformer
enable_ruby true
<record>
log ${record["log"].gsub(/5[1-5][0-9]{2}(\\ |\\-|)[0-9]{4}(\\ |\\-|)[0-9]{4}(\\ |\\-|)[0-9]{4}/,"xxxx xxxx xxxx xxxx")}
</record>
</filter>
# VISA
<filter *>
@type record_transformer
enable_ruby true
<record>
log ${record["log"].gsub(/4[0-9]{3}(\\ |\\-|)[0-9]{4}(\\ |\\-|)[0-9]{4}(\\ |\\-|)[0-9]{4}/,"xxxx xxxx xxxx xxxx")}
</record>
</filter>
# //TODO Fix Amex, it's not working yet
# AMEX
<filter *>
@type record_transformer
enable_ruby true
<record>
log ${record["log"].gsub(/(34|37)[0-9]{2}(\\ |\\-|)[0-9]{6}(\\ |\\-|)[0-9]{5}/,"xxxx xxxx xxxx xxxx")}
</record>
</filter>
# Diners Club 1
<filter *>
@type record_transformer
enable_ruby true
<record>
log ${record["log"].gsub(/30[0-5][0-9](\\ |\\-|)[0-9]{6}(\\ |\\-|)[0-9]{4}/,"xxxx xxxx xxxx xxxx")}
</record>
</filter>
# Diners Club 2
<filter *>
@type record_transformer
enable_ruby true
<record>
log ${record["log"].gsub(/(36|38)[0-9]{2}(\\ |\\-|)[0-9]{6}(\\ |\\-|)[0-9]{4}/,"xxxx xxxx xxxx xxxx")}
</record>
</filter>
# Discover
<filter *>
@type record_transformer
enable_ruby true
<record>
log ${record["log"].gsub(/6011(\\ |\\-|)[0-9]{4}(\\ |\\-|)[0-9]{4}(\\ |\\-|)[0-9]{4}/,"xxxx xxxx xxxx xxxx")}
</record>
</filter>
# JCB1
<filter *>
@type record_transformer
enable_ruby true
<record>
log ${record["log"].gsub(/3[0-9]{3}(\\ |\\-|)[0-9]{4}(\\ |\\-|)[0-9]{4}(\\ |\\-|)[0-9]{4}/,"xxxx xxxx xxxx xxxx")}
</record>
</filter>
# JCB2
<filter *>
@type record_transformer
enable_ruby true
<record>
log ${record["log"].gsub(/(2131|1800)[0-9]{11}/,"xxxx xxxx xxxx xxxx")}
</record>
</filter>
### ^^ END PCI Section. ^^
### BEGIN National Insurace ID Section
# US_ADOPTION_TAXPAYER_IDENTIFICATION_NUMBER
# USA SSN With Dashes
<filter *>
@type record_transformer
enable_ruby true
<record>
log ${record["log"].gsub(/[0-9]{3}\-[0-9]{2}\-[0-9]{4}/,"xxx-xx-xxxx")}
</record>
</filter>
# US_ADOPTION_TAXPAYER_IDENTIFICATION_NUMBER
# USA SSN with Spaces
<filter *>
@type record_transformer
enable_ruby true
<record>
log ${record["log"].gsub(/[0-9]{3}\s[0-9]{2}\s[0-9]{4}/,"xxx-xx-xxxx")}
</record>
</filter>
## END ^^ National Insurace ID Section ^^
# # Internet IPV4 Address\
# <filter *>
# @type record_transformer
# enable_ruby true
# <record>
# log ${record["log"].gsub(/(?:[0-9]{1,3}\.){3}[0-9]{1,3})/,"aaa.bbb.ccc.ddd")}
# </record>
# </filter>
# # Internet IPV6 Address
# <filter *>
# @type record_transformer
# enable_ruby true
# <record>
# log ${record["log"].gsub(/(?:(?:(?:[A-F0-9]{1,4}:){6}|(?=(?:[A-F0-9]{0,4}:){0,6}(?:[0-9]{1,3}\.){3}[0-9]{1,3}(?![:.\w]))(([0-9A-F]{1,4}:){0,5}|:)((:[0-9A-F]{1,4}){1,5}:|:)|::(?:[A-F0-9]{1,4}:){5})(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}|(?=(?:[A-F0-9]{0,4}:){0,7}[A-F0-9]{0,4}(?![:.\w]))(([0-9A-F]{1,4}:){1,7}|:)((:[0-9A-F]{1,4}){1,7}|:)|(?:[A-F0-9]{1,4}:){7}:|:(:[A-F0-9]{1,4}){7})(?![:.\w])/,"xxx-xx-xxxx")}
# </record>
# </filter>
# # Email
# <filter *>
# @type record_transformer
# enable_ruby true
# <record>
# log ${record["log"].gsub(/[A-Z0-9._%+-]+@([A-Z0-9.-]+)\.([A-Z]{2,4})/,"nnn@nnn.nnn")}
# </record>
# </filter>
# # USA Street Address
# <filter *>
# @type record_transformer
# enable_ruby true
# <record>
# log ${record["log"].gsub(/\d+(\s[A-Z0-9\.]+?){1,3}\s(RD|ROAD|DR|DRIVE|AVE|AVENUE|APT|APARTMENT|PL|PLACE|ST|STREET)/,"XXXXXXXXXXXXXXXXXXXX")}
# </record>
# </filter>
### BEGIN Miscellany PII Section
## END ^^ Miscellany PII Section ^^
<match *>
@type file
@id output_docker1
path /fluentd/log/docker.*.log
symlink_path /fluentd/log/docker.log
append true
time_slice_format %Y%m%d
time_slice_wait 1m
time_format %Y%m%dT%H%M%S%z
</match>