lr_deanonymize(1) [debian man page]

LR_DEANONYMIZE.IN(1)					  LogReport's Lire Documentation				      LR_DEANONYMIZE.IN(1)

NAME
lr_deanonymize - restore anonymized data, using a dump as produced by lr_anonymize(1)

SYNOPSIS
lr_deanonymize dumpfilestem

DESCRIPTION
lr_deanonymize is typically used when receiving anonymized reports from a responder. See the section on "Processing The Responder's Results" in the chapter on "Using A Responder" in the Lire User Manual for usage examples.

lr_deanonymize reads a file containing anonymized email addresses, IP numbers, and hostnames (typically a report generated from a logfile of an internet service) from stdin, and prints a "deanonymized" version of this file to stdout. The information it needs to do this comes from a set of Berkeley DBs, stored in files whose names are derived from dumpfilestem, as produced by lr_anonymize(1).

EXAMPLE
A 'logfile' like e.g.

    blaat fkrf 1.2.3.4.in-addr.arpa] pietje@bigcompany.com bla 1 2 3 lj;agas;gag
    blaat 1.2.3.4 fkrf 3.2.3.4.in-addr.arpa] bla 1 www.hotsex.com 2 3 lj;agas;gag jan@blaat.frut.com agagag
    blaat fkrf 4.2.3.4.in-addr.arpa] bla pietje@bigcompany.com www.hotsex.com 234.34.2.0 jan@blaat.frut.com 4.2.3.4.in-addr.arpa1 2 3 lj;agas;gag
    blaat fkrf tweede 3.2.3.4.in-addr.arpa] bla 1.2.3.4 1 blablabla.com 2 mdcc.cx 3 lj;agas;gag

will get anonymized to

    blaat fkrf 1.0.0.10.in-addr.arpa] john.doe.1@example.com bla 1 2 3 lj;agas;gag
    blaat 10.0.0.1 fkrf 2.0.0.10.in-addr.arpa] bla 1 1.example.com 2 3 lj;agas;gag john.doe.2@example.com agagag
    blaat fkrf 3.0.0.10.in-addr.arpa] bla john.doe.1@example.com 1.example.com 10.0.0.2 john.doe.2@example.com 3.0.0.10.in-addr.arpa1 2 3 lj;agas;gag
    blaat fkrf tweede 2.0.0.10.in-addr.arpa] bla 10.0.0.1 1 2.example.com 2 3.example.com 3 lj;agas;gag

The dump will look like

    ip 234.34.2.0 10.0.0.2
    ip 1.2.3.4 10.0.0.1
    inaddr 3.2.3.4.in-addr.arpa 2.0.0.10.in-addr.arpa
    inaddr 1.2.3.4.in-addr.arpa 1.0.0.10.in-addr.arpa
    inaddr 4.2.3.4.in-addr.arpa 3.0.0.10.in-addr.arpa
    domain mdcc.cx 3.example.com
    domain blablabla.com 2.example.com
    domain www.hotsex.com 1.example.com
    email jan@blaat.frut.com john.doe.2@example.com
    email pietje@bigcompany.com john.doe.1@example.com

SEE ALSO
lr_anonymize(1)

VERSION
$Id: lr_deanonymize.in,v 1.4 2006/07/23 13:16:32 vanbaal Exp $

COPYRIGHT
Copyright (C) 2000-2001 Stichting LogReport Foundation LogReport@LogReport.org

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with http://www.gnu.org/copyleft/gpl.html.

AUTHOR
Joost van Baal <joostvb@logreport.org>

Lire 2.1.1				2006-07-23				LR_DEANONYMIZE.IN(1)
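
The restoration step described under DESCRIPTION and EXAMPLE above, as an added Python sketch that is not Lire's own code. It assumes the mapping is available as the three-column text shown in the example dump (kind, original, anonymized) rather than in the Berkeley DB files the real tool reads; parse_dump, deanonymize and the TRICKY_* sample are names and data constructed here.

```python
import re

KINDS = {"ip", "inaddr", "domain", "email"}  # record kinds in the page's dump

def parse_dump(text):
    """Return {anonymized: original} from 'kind original anonymized' lines."""
    mapping = {}
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3 or fields[0] not in KINDS:
            raise ValueError(f"dump line {n}: expected 'kind original anonymized'")
        _, original, anonymized = fields
        if mapping.setdefault(anonymized, original) != original:
            raise ValueError(f"dump line {n}: {anonymized!r} has two originals")
    return mapping

def deanonymize(report, mapping):
    """Restore every anonymized token in a single left-to-right pass."""
    if not mapping:
        return report
    # Longest first (10.0.0.10 before its prefix 10.0.0.1), and a single pass
    # so restored text is never rescanned and substituted a second time.
    tokens = sorted(mapping, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(t) for t in tokens))
    return pattern.sub(lambda m: mapping[m.group(0)], report)

# Dump and the final part of the anonymized sample from the EXAMPLE section.
PAGE_DUMP = """\
ip 234.34.2.0 10.0.0.2
ip 1.2.3.4 10.0.0.1
inaddr 3.2.3.4.in-addr.arpa 2.0.0.10.in-addr.arpa
inaddr 1.2.3.4.in-addr.arpa 1.0.0.10.in-addr.arpa
inaddr 4.2.3.4.in-addr.arpa 3.0.0.10.in-addr.arpa
domain mdcc.cx 3.example.com
domain blablabla.com 2.example.com
domain www.hotsex.com 1.example.com
email jan@blaat.frut.com john.doe.2@example.com
email pietje@bigcompany.com john.doe.1@example.com
"""
PAGE_ANON = "blaat fkrf tweede 2.0.0.10.in-addr.arpa] bla 10.0.0.1 1 2.example.com 2 3.example.com 3 lj;agas;gag"
# Constructed case: an original address equals another anonymized token.
TRICKY_DUMP = "ip 10.0.0.2 10.0.0.1\nip 192.168.1.5 10.0.0.2\nip 172.16.0.9 10.0.0.10\n"
TRICKY_ANON = "src=10.0.0.1 dst=10.0.0.2 via=10.0.0.10"

if __name__ == "__main__":
    print(deanonymize(PAGE_ANON, parse_dump(PAGE_DUMP)))
    print(deanonymize(TRICKY_ANON, parse_dump(TRICKY_DUMP)))
```

Chained per-entry string replacement would turn 10.0.0.1 into 10.0.0.2 and then into 192.168.1.5 on the constructed input, attributing activity to the wrong host in the restored report; the single pass avoids that.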

BIND8_QUERY2DLF.IN(1)					  LogReport's Lire Documentation				     BIND8_QUERY2DLF.IN(1)

NAME
bind8_query2dlf - convert BIND8 querylogs to dlf

SYNOPSIS
bind8_query2dlf

DESCRIPTION
This script converts each line in a bind8 querylog to a dns dlf record. BIND generates these logs when something like

    logging {
        channel query_logging {
            file "/var/log/named_querylog" versions 3 size 100M;
            print-time yes; // timestamp log entries
        };
        category queries {
            query_logging;
        };
    };

is in bind's named.conf. This will save up to three logfiles of maximum 100 megabytes in the directory /var/log. These logfiles look like:

    10-Apr-2000 00:01:20.307 XX /10.2.3.4/1.2.3.in-addr.arpa/SOA/IN
    10-Apr-2000 00:01:20.308 XX+/10.4.3.2/host.foo.com/A/IN

EXAMPLES
To process a log as produced by bind8:

    $ bind8_query2dlf < dns-query

bind8_query2dlf will be rarely used on its own, but is more likely called by lr_log2report:

    $ lr_log2report bind8_query < /var/log/dns-query

SEE ALSO
http://www.logreport.org/doc/gen/dns/bind8.php
bind9_query2dlf(1)

VERSION
$Id: bind8_query2dlf.in,v 1.6 2006/07/23 13:16:33 vanbaal Exp $

COPYRIGHT
Copyright (C) 2000-2001 Stichting LogReport Foundation LogReport@LogReport.org

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with http://www.gnu.org/copyleft/gpl.html.

AUTHOR
Edwin Groothuis, now maintained by Joost van Baal

Lire 2.1.1				2006-07-23				BIND8_QUERY2DLF.IN(1)