Redacting log messages

[Andrzej Mendel-Nykorowycz]

Hello,

I am currently rolling out tac_plus-ng (thank you for all your help so far!) and one of the use-cases is to send accounting logs to the security team for auditing. We are planning to do that via syslog. However, this means sending full configuration commands, including passwords (at least that's how it works on Cisco devices), which is something we would like to avoid.

Q: Is there a way to redact log messages before being sent? By redact I mean remove/replace part of the message, not filter it out completely.

I believe this can be done by piping the message to an external command, but if there is an internal way of doing this, I would rather use it.

Best regards,

Andrzej

[Marc Huber]

Hi Andrzej,

sounds reasonable. 4393d3232780218578663cc3d36c0d5d9f77df2a implements this.

Good idea, thanks!

Marc

commit 4393d3232780218578663cc3d36c0d5d9f77df2a (HEAD -> master)
Author: Marc Huber <Marc....@web.de>
Date:   Mon May 11 17:47:31 2026 +0200

    tac_plus-ng: implement log message rewriting. Example:

        rewrite demo {
            rewrite /(key|secret|password) (\d) (\w+)/ "$1 $2 ***"
            rewrite /(key|secret|password) (\w+)/ "$1 ***"
        }
        log acctlog {
            destination = /tmp/tac/acct.log
            rewrite = demo
        }
        accounting log = acctlog

--
You received this message because you are subscribed to the Google Groups "Event-Driven Servers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to event-driven-ser...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/event-driven-servers/53dd2044-73db-4ac3-b464-bc951c3b1cden%40googlegroups.com.