DigitaleGesellschaft / Anonip

Anonip is a tool to anonymize IP-addresses in log-files.
nginx error logs not masked #42

Closed schroedingerkitten closed 2 years ago

schroedingerkitten commented 4 years ago

I have trouble getting anonip to mask IPs in my nginx error.log file.

When I execute anonip as root, I receive the following error message:

# anonip < /var/log/nginx/error.log
WARNING:anonip:'2020' does not appear to be an IPv4 or IPv6 network
2020/03/05 19:27:43 [error] 1253#1253: *15347 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: XXX.XXX.XXX.XXX, server: address.tld, request: "GET /favicon.ico HTTP/1.1", host: "address.tld"

With XXX.XXX.XXX.XXX being some IP address (not masked) and address.tld the domain of the server.

I already tried the --delimiter and --column options:

# anonip --delimiter "," --column 2 < /var/log/nginx/error.log
WARNING:anonip:' client' does not appear to be an IPv4 or IPv6 network

Somehow I would need to tell anonip to look behind "client:", but that's not possible.

I thought anonip would work with error logs out of the box. Or have there been some recent changes in the way nginx is formatting the error logs?

I am using nginx version nginx/1.14.0 (Ubuntu) and anonip 1.0.0 (installed through pip3).

open-dynaMIX commented 4 years ago

For Anonip to work, the format of the log file needs to have the IP address at a predictable location. Unfortunately with nginx it's not possible to configure the format of the error-log AFAIK.

In your second example (anonip --delimiter "," --column 2), the string that's found is client: XXX.XXX.XXX.XXX. If the client: prefix is consistent, we could handle it. But it seems unreliable to me, because the error string comes before the IP address. If that error string contains a ,, detection of the IP address will fail.
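
Added example, not part of the thread and not Anonip's own code: a stand-alone filter that anchors on the `client: ` label rather than a delimiter and column, so a comma in the error string does not shift the match. The mask widths, the function names, the script name in the usage comment and the sample line are assumptions of this example.

```python
import ipaddress
import re
import sys

# Assumed for this example: number of low-order bits zeroed per address family.
IPV4_MASK_BITS = 12
IPV6_MASK_BITS = 84

# Token following "client: "; anchoring on the label instead of a column index
# keeps commas inside the error message or request path from shifting the match.
CLIENT_RE = re.compile(r"(?<=client: )[0-9A-Fa-f:.]+")

# Constructed sample line (documentation address), with a comma in the path.
SAMPLE = (
    '2020/03/05 19:27:43 [error] 1253#1253: *15347 open() '
    '"/usr/share/nginx/html/a,b.ico" failed (2: No such file or directory), '
    'client: 203.0.113.77, server: address.tld, '
    'request: "GET /a,b.ico HTTP/1.1", host: "address.tld"'
)


def mask_ip(token):
    """Zero the low bits of an IPv4/IPv6 address; return other tokens unchanged."""
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return token
    bits = IPV4_MASK_BITS if ip.version == 4 else IPV6_MASK_BITS
    return str(type(ip)((int(ip) >> bits) << bits))


def anonymize_line(line):
    """Mask every address that follows a 'client: ' label in one log line."""
    return CLIENT_RE.sub(lambda m: mask_ip(m.group(0)), line)


if __name__ == "__main__":
    # Filter usage (hypothetical script name):
    #   python3 mask_client.py < /var/log/nginx/error.log
    for line in sys.stdin:
        sys.stdout.write(anonymize_line(line))
```

Addresses that appear elsewhere in a line, for example inside the request string, are not touched by this filter.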