How to anonymize IP addresses in log files in Plesk?

• 

  froggift May 20, 2018 09:33 (Edited May 20, 2018 09:35)

  Will this also include old gz logs? And also Mail logs not only nginx & apache...

  And will this work with Fail2Ban?

  It would be perfect if we could set the time after which all ip adresses should be anonymized. Even with GDPR it's no problem to store the ip adress for about 7 days for security reasons...

  0

  Comment actions Permalink
• 

  Fabian Meyer May 22, 2018 17:21

  I have updated today. I have the checkbox "Anonymize IPs during log rotation" activated. But its not working: I still see the IPs in the log protocol of the domain. What am I doing wrong?
  
  Sry for my bad english and greetings from germany!
  Fabian

  0

  Comment actions Permalink
• 

  Martin May 23, 2018 11:40

  This is a nice feature to have available for server admins, thanks for implementing. One question I have: Does anonymization of IP addresses when the log are rotated affect other services, for instance the way that Fail2Ban operates?

  If Fail2Ban blocks IP addresses prior to log rotation (i.e. IP anonymization) and also does not process rotated log files, then I do not see there being any conflict.

  Many thanks in advance for any clarification.

  0

  Comment actions Permalink
• 

  Peter Debik May 25, 2018 11:39

  Script execution fails:

  [root@<machine> <machine>]# ./enable-ip-anonimization.sh
  ./enable-ip-anonimization.sh: line 1: syntax error near unexpected token `<'
  ./enable-ip-anonimization.sh: line 1: `<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Source of enable-ip-anonimization.sh - force-log-rotation - Plesk Bitbucket</title><script>'

  0

  Comment actions Permalink
• 

  Ivan Postnikov May 25, 2018 19:45 (Edited May 25, 2018 19:46)

  Hello @Peter, thank you for noticing.

  The script will be replaced with the correct one soon.

  0

  Comment actions Permalink
• 

  Peter Debik May 26, 2018 08:55

  The anonymizing function on 17.5 and 17.8 does not work correctly either. After activating it yesterday, it did not anonymize the latest log entries during the nightly log file rotation, but it removed all former log file archives and did not create a new one from yesterday's logs, leaving access_log and access_log.processed for example with the full ip addresses and removed all access_log.processed.?.gz files.

  0

  Comment actions Permalink
• 

  Ivan Postnikov May 26, 2018 16:28

  Hello @Martin and @froggift!

  This feature works with file2ban. IP addresses are blocked prior to log rotation. The corresponding information will be added to this article.

  > Will this also include old gz logs? And also Mail logs not only nginx & apache...

  Yes, .gz and maillogs are also included

  0

  Comment actions Permalink
• 

  Ivan Postnikov May 26, 2018 16:40

  Hello @Peter and @Fabian, have you tried the solution from this article?

  In case it does not help, please create a support request (ticket) and Plesk Technical Support will check the issue further.

  -1

  Comment actions Permalink
• 

  Lenusch May 26, 2018 22:08

  Hi, 

  thx for great feature. 

  Why would i need this script, if I am able to activated this in Backend anyways? 

  0

  Comment actions Permalink
• 

  Denis Bykov May 27, 2018 23:06

  @Lenor
  Indeed, it is possible to perform the same manually. The script is just more convenient and easy, especially for a less tech-savvy person.
  Basically, three following commands will do the work:

  # plesk bin settings -s logrotate_anonymize_ips=true
  # plesk sbin logrot_mng --system-logs --anonymize-ip=true
  # for i in `plesk db -se "select domains.name from domains left join dom_param on domains.id=dom_param.dom_id left join log_rotation on dom_param.val=log_rotation.id where domains.htype='vrt_hst' and dom_param.param='logrotation_id' and log_rotation.turned_on='true'"`; do plesk bin domain --update $i -log-rotate true; done

  0

  Comment actions Permalink
• 

  pm May 29, 2018 08:31

  Is there also a solution for Plesk 12.5.30?

  0

  Comment actions Permalink
• 

  Peter Debik May 29, 2018 15:29

  We are seeing the same "not working" situation on all servers, two of them being a 17.8 installation. One of which is a new installation, the other one is an upgraded system done by Plesk staff. It believe that at least the installation done by Plesk itself should work, but in this case it does not.

  On both of them logs are rotated daily but no longer archived as a .gz archive file. The solution from https://support.plesk.com/hc/en-us/articles/360004925094-IP-address-anonymization-in-logs-does-not-work-last-octet-is-not-replaced does not help, because it does not target the issue. The issue is not that the anonymization does not take place, the issue is that the archives are missing in general, so that we cannot even test if the anonymization takes place. Every log is now only stored for one day and deleted afterwards. It only goes into the *.processed file, and that "processed" log file covers the time period between previous log rotation and current.

  I feel uncomfortable that I ought to buy extra support for figuring this out, because it is evident that it is a software bug. What other options are there?

  0

  Comment actions Permalink
• 

  Sascha Henken June 01, 2018 06:51

  Why do you only anonymize during log rotation? The live logging should also be stripped by the last octet as well. I´m not 100% sure if the current behaviour is GDPR compliant. Would be nice to have such an extended option as well.

  0

  Comment actions Permalink
• 

  Ivan Postnikov June 01, 2018 23:27

  @Peter, it seems that investigation is required to find the root cause.

  I have created a support request for it. 

  0

  Comment actions Permalink
• 

  Ivan Postnikov June 01, 2018 23:35

  Hello @pm, the following solution is available Plesk 12.5:

  1. Login to Plesk via SSH

  2. Download the script:

  # wget https://support.plesk.com/hc/en-us/article_attachments/360006368973/enable-ip-anonimization.sh.tar.gz

  3. Unpack it and make executable:

  # tar -xvf enable-ip-anonimization.sh.tar.gz && chmod +x enable-ip-anonimization.sh

  4. Execute the script:

  # enable-ip-anonimization.sh

  0

  Comment actions Permalink
• 

  pm June 02, 2018 05:15

  Hi, this solution doesn't work in 12.5
  
  # ./enable-ip-anonimization.sh
  This server doesn't support IP anonimization feature

  # plesk version
  Product version: 12.5.30 Update #76
  Update date: 2018/05/17 23:26
  Build date: 2016/06/08 10:00
  OS version: CentOS 6.9
  Revision: 344620
  Architecture: 64-bit
  Wrapper version: 1.2
  
  

  0

  Comment actions Permalink
• 

  Ivan Postnikov June 12, 2018 09:34

  Hello @pm,

  Please, accept my sincere apologies for the incorrect information you have received.

  The feature is not yet implemented for Plesk 12.5.

  The quickest way to solve the issue is to upgrade to Plesk Onyx.

  0

  Comment actions Permalink
• 

  Lenusch June 12, 2018 09:35

  we have activated and got some Error aswell, next day. 

  0

  Comment actions Permalink
• 

  Ivan Postnikov June 15, 2018 17:09

  Hello @Sascha Henken,

  With accordance to Recital 49 of GDPR non-anonymized IPs may be safely stored for some period for security reasons. 

  If maximum safety is required, logrotate may be set up to remove rotated log daily. 

  0

  Comment actions Permalink
• 

  Ivan Postnikov June 15, 2018 17:10

  Hello @Lenor,

  could you, please, share what was the error?

  0

  Comment actions Permalink
• 

  Mike June 18, 2018 23:43

  Please do this also for live logs!

  0

  Comment actions Permalink
• 

  Artyom Volov July 10, 2018 06:51

  Hello @Mike,

  thank you for suggesting this functionality, a feature request was created:

  https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/34789210-anonymize-current-log-files-not-only-rotated-ones

  Please vote for it on UserVoice in order for it to be implemented.

  0

  Comment actions Permalink

Please sign in to leave a comment.