I'm using this regex to mask cc data in props.conf on a Heavy Forwarder. I need help validating it.
Log format:
All numbers start with account=" and some of them end with " and some do not.
xxxxxxxxxxxxxxxxxxx/xxxxx
xxxxxxxxxxxxxxxx xx/xx xxx
xxxxxxxxxxxxxxxx: xx xxxxx
"xxxxxxxxxxxxxxxx "
xxxxxxxxxxxxxxxxx
"xxxx-xxxx-xxxx-xxxx"
"0-xxxxxxxxxxxxxxx"
I see the entire event has been dropped; I don't see any event with account=xxxx-xxxx-xxxx-xxxx.
[my_sourcetype]
SEDCMD-accmasking= s/account=\"?[\w\d\-\s\/\:\S]+\"?/xxxx-xxxx-xxxx-xxxx/g
I tried using capturing groups (), but it still didn't work.
[my_sourcetype]
SEDCMD-accmasking= s/account=(\"?[\w\d\-\s\/\:\S]+\"?)/xxxx-xxxx-xxxx-xxxx/g
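Added example, not part of the original post: a Python `re` reproduction of the posted substitution next to a bounded alternative, run over constructed sample events. The bounded pattern and its stop rules (closing quote for quoted values, first whitespace for unquoted ones) are assumptions and leave any space-separated fragments after an unquoted number untouched.

```python
import re

# Pattern from the post. \s and \S inside one class match every character
# (newlines included), so the greedy + runs from account= to the end of the
# event, and the replacement text does not put the "account=" key back.
POSTED = re.compile(r'account=\"?[\w\d\-\s\/\:\S]+\"?')
POSTED_REPL = 'xxxx-xxxx-xxxx-xxxx'

# Bounded alternative (assumption, not from the post): a quoted value ends at
# its closing quote, an unquoted value ends at the first whitespace.
BOUNDED = re.compile(r'account=(?:"[^"\r\n]*"|"?[^\s"]+)')
BOUNDED_REPL = 'account=xxxx-xxxx-xxxx-xxxx'

# Constructed sample events using a well-known test card number.
SAMPLES = [
    'ts=1 user=bob account="4111-1111-1111-1111" action=buy status=ok',
    'ts=2 user=amy account=4111111111111111/12345 action=buy',
    'ts=3 user=joe account="4111111111111111 " action=refund',
    'ts=4 user=kim account="0-411111111111111" action=buy\nline2 of event',
]


def mask_posted(event):
    """Apply the substitution exactly as posted."""
    return POSTED.sub(POSTED_REPL, event)


def mask_bounded(event):
    """Apply the bounded substitution, keeping the account= key."""
    return BOUNDED.sub(BOUNDED_REPL, event)


if __name__ == "__main__":
    for event in SAMPLES:
        print("event  :", repr(event))
        print("posted :", repr(mask_posted(event)))
        print("bounded:", repr(mask_bounded(event)))
        print()
```

With the posted pattern every field after `account=` is replaced along with the key itself, which is why a search for `account=xxxx-xxxx-xxxx-xxxx` finds nothing.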