diff --git a/README.md b/README.md index 9854a65..63359be 100644 --- a/README.md +++ b/README.md @@ -4,22 +4,22 @@ A Fluent filter plugin to anonymize records which have PAN (Primary Account Numb Inspired by [fluent-plugin-anonymizer](https://github.com/y-ken/fluent-plugin-anonymizer). -# Requirements +## Requirements - fluentd: v0.14.x or later - Ruby: 2.4 or later -# Installation +## Installation -``` +```shell gem install fluent-plugin-pan-anonymizer ``` -# Configuration +## Configuration NOTE: Card numbers in the example don't exist in the world. -``` +```XML @type dummy tag dummy @@ -51,9 +51,9 @@ NOTE: Card numbers in the example don't exist in the world. ``` -## The result of the example given above +### The result of the example given above -``` +```syslog 2018-11-13 22:01:35.074963000 +0900 dummy: {"time":12345678901234567,"subject":"xxxxxx","user_inquiry":"hi, my card number is 9999999999999999 !"} 2018-11-13 22:01:36.001053000 +0900 dummy: {"time":12345678901234568,"subject":"xxxxxx","user_inquiry":"hello inquiry code is 4567890123456789"} 2018-11-13 22:01:37.021032000 +0900 dummy: {"time":12345678901234569,"subject":"I am xxxx-xxxx-xxxx-xxxx","user_inquiry":"xxxx-xxxx-xxxx-xxxx is my number"} @@ -62,6 +62,70 @@ NOTE: Card numbers in the example don't exist in the world. Card numbers were masked with given configuration except `time` key and `4567890123456789` in "hello inquiry code is 4567890123456789". `4567890123456789` is not a valid card number. -# License +### A more complex example + +This example reads logs of an application called `sample`, masks and saves under `/var/log/masked/` so that you can use the masked version. This example uses `td-agent`. + +```XML + + @type tail + # update the path + path /var/log/sample.log + pos_file /var/log/td-agent/sample.log.pos + + # Use the source application name as a tag below: + tag sample + + # We don't care about the type and format of log. + # We will explicitly assume that it is plain text. + + @type none + + + +# Use the name of application used in the "tag" above + + @type pan_anonymizer + ignore_keys time + + + # mastercard + formats /(5[1-5][0-9]{2}(?:\ |\-|)[0-9]{2})[0-9]{2}(?:\ |\-|)[0-9]{4}(?:\ |\-|)([0-9]{4})/ + checksum_algorithm luhn + mask \1******\2 + + + # visa + formats /(4[0-9]{3}(?:\ |\-|)[0-9]{2})[0-9]{2}(?:\ |\-|)[0-9]{4}(?:\ |\-|)([0-9]{4})/ + checksum_algorithm luhn + mask \1******\2 + + + # amex + formats /((?:34|37)[0-9]{2}(?:\ |\-|)[0-9]{2})[0-9]{4}(?:\ |\-|)[0-9]{1}([0-9]{4})/ + checksum_algorithm luhn + mask \1******\2 + + + +# Use the name of application used in the "tag" above + + @type file + # Logs will be saved under this folder + # Name will be buffer..log + # At the end of the day, it will rename the file as + # buffer..log + path /var/log/masked + append true + + +# Push fluentd messages to stdout + +``` +## License Apache License, Version 2.0 diff --git a/fluent-plugin-pan-anonymizer.gemspec b/fluent-plugin-pan-anonymizer.gemspec index dace0ed..a8fd2f9 100644 --- a/fluent-plugin-pan-anonymizer.gemspec +++ b/fluent-plugin-pan-anonymizer.gemspec @@ -4,8 +4,8 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) Gem::Specification.new do |spec| spec.name = "fluent-plugin-pan-anonymizer" - spec.version = "0.0.1" - spec.authors = ["Hiroaki Sano"] + spec.version = "0.0.2" + spec.authors = ["Hiroaki Sano", "Zafer Balkan"] spec.email = ["hiroaki.sano.9stories@gmail.com"] spec.summary = %q{Fluentd filter plugin to anonymize credit card numbers.} diff --git a/lib/fluent/plugin/pan/masker.rb b/lib/fluent/plugin/pan/masker.rb index 688c6cd..c4249a3 100644 --- a/lib/fluent/plugin/pan/masker.rb +++ b/lib/fluent/plugin/pan/masker.rb @@ -35,7 +35,7 @@ def mask_if_found_pan(orgval) pan = match.split("").select { |i| i =~ /\d/ }.map { |j| j.to_i } if valid?(pan) - match = @mask + match = match.gsub(@regexp, @mask) else match end