Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
mmanon rewrite #1723
several improvements for mmanon. This is a meta issue tracker used for referencing all the corresponding issues and information.
For the time being, i consider this done. However, i will leave the issue open so i can later implement the other requested options.
So I'm using it with:
=> default config.
What is important, that it catches ALL ip entries. :-)
I also observed the following by using the default config, which is given by the nature of only wiping 16bits by default:
Certain ISPs have PTR records with the reverse IP address in them. Meaning, if I have the IP
=> It kinda makes the whole work obsolete. You can find such entries e.g. in maillog.
You could choose a ipv4.bits > 16, to address this, but then sometimes the 16bits are nice to detect pattern in attacks. On the other hand, there are also ISPs with PTR entries such as:
I mostly use the following configuration:
Regarding dashes between hostnames, I once made the following patch which seems to work at least for Debian shipping rsyslog version 8.23. It's a hack that doesn't deal with the reverse order of strings contained in PTR records, so it's fine for my use case just because I use ipv4.bits=32.
I could submit a PR but since you're rewriting stuff I don't know if it makes any sense to you. Tell me if you're interested so I can do a PR against the master.