Solved: Help regex for masking

mishutts · ‎05-29-2020

Hi,

Can someone please help me regex a password field to mask data?

I've been trying to figure out how to mask the password in the following example;

npx violation-comments-to-cloud-command-line -username JoeSmith@company.com -password abcdef78 -ws walace -rs ttcc-lsls -prid 1441 -v CHECKSTYLE . '.*/reports/filename-goes-here-results.xml$' ESLint -keep-old-comments true -www1 true

I've tried many variations but it either deletes the remainder of the event or doesn't work.

[password-anonymizer]
REGEX =(?m)^(-password\s).*$
FORMAT = $1########
DEST_KEY = _raw

Thanks

to4kawa · ‎05-29-2020

 [password-anonymizer]
 REGEX = (?m)(.*-password )\w+(.*)
 FORMAT = $1#######$2
 DEST_KEY =_raw

For DEST_KEY =_raw , you should keep all text in the event by REGEX.

@richgalloway 's way or my way, As you wish.

to4kawa · ‎05-29-2020

 [password-anonymizer]
 REGEX = (?m)(.*-password )\w+(.*)
 FORMAT = $1#######$2
 DEST_KEY =_raw

For DEST_KEY =_raw , you should keep all text in the event by REGEX.

@richgalloway 's way or my way, As you wish.

mishutts · ‎06-01-2020

Thank you. This worked like a charm.

richgalloway · ‎05-29-2020

Try using SEDCMD in your props.conf file.

[mysourcetype]
SEDCMD-maskpw = s/-password -w+/-password ########/

---
If this reply helps you, Karma would be appreciated.

Help regex for masking