Sanitizing logs for submission to McAfee and DISA

All,

I am using the program Textpad for this.

I have to submit logs to McAfee and DISA from time to time and want to sanitize these so they don't give out IPs, server names, etc.

I am having some partial luck using TextPad and regular expressions.

a.  \<SITE([^,]*)    - using the find and replace, this will find all instances of the word "SITE" and replace the entire string with whatever you want.  Use this to alter computer names

b. \<([0-9]{2})\>.\<([0-9]{2})\>\.  - this will find the first two octets of an IP address and replace them with what you want.  The /2 denotes 2 characters long, i.e.  25.22.10.5 would be replaced by whatever you put in the replace field; 192.168.10.5 would not.  However, this is wiping out timestamps in the logs too.

Anyhow, I would like a better way to do this without screwing the dates over.

Also, would like to find a way to rename all of the SADR and ePo machines from a text file, i.e. put in a list of the actual server names, and the name I want them replaced with. Maybe record a macro for this?  I don't know, haven't worked much with macros.

Ideas?

2 Replies
ajacobs

Re: Sanitizing logs for submission to McAfee and DISA

I am trying to find the correct area to move all your posts to. Unfortunately this group was created by a regular member and not an employee, and has not been revisited since to help people who post questions here.

Please tell me which McAfee product you are posting about and I will move your thread accordingly.

Re: Sanitizing logs for submission to McAfee and DISA

Received a How-To guide from McAfee using the MER tool.  Pressing Ctrl+Z will let you delete out MAC addresses, IPs, etc.

Still, it took them 2 1/2 months to get that information out to me..........
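
The approach asked about in the first post (replace IP addresses without touching timestamps, and rename servers from a list), as an added Python example that is not part of the thread or of any McAfee tool. The `real_name,alias` mapping format, the `IP_nnn` aliases and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Exactly four dotted groups of 1-3 digits, not embedded in a longer dotted
# number, so dates (03.14.2011) and times (10:22:15.123) never match.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# Constructed sample data; host names, aliases and log layout are assumptions.
SAMPLE_MAP = "# real_name,alias\nSITE-EPO01,EPO_A\nSITE-SADR02,SADR_B\n"
SAMPLE_LOG = (
    "03.14.2011 10:22:15.123 I SITE-EPO01 agent 25.22.10.5 connected\n"
    "03.14.2011 10:22:16.001 I site-sadr02 relayed 25.22.10.5 via 25.22.40.17\n"
)


def load_host_map(text):
    """Parse 'real_name,alias' lines into {lowercased real name: alias}."""
    host_map = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "," in line:
            real, alias = (part.strip() for part in line.split(",", 1))
            host_map[real.lower()] = alias
    return host_map


def sanitize(log_text, host_map):
    """Return (sanitized text, {real IP: alias}); same IP -> same alias."""
    ip_aliases = {}

    def replace_ip(match):
        candidate = match.group(0)
        try:
            ipaddress.IPv4Address(candidate)  # skip non-addresses (octet > 255)
        except ValueError:
            return candidate
        return ip_aliases.setdefault(candidate, f"IP_{len(ip_aliases) + 1:03d}")

    out = IPV4_RE.sub(replace_ip, log_text)
    if host_map:
        # Longest names first; the lookarounds stop matches inside longer names.
        names = sorted(host_map, key=len, reverse=True)
        pattern = "|".join(re.escape(name) for name in names)
        host_re = re.compile(rf"(?<![\w-])(?:{pattern})(?![\w-])", re.IGNORECASE)
        out = host_re.sub(lambda m: host_map[m.group(0).lower()], out)
    return out, ip_aliases


if __name__ == "__main__":
    print(sanitize(SAMPLE_LOG, load_host_map(SAMPLE_MAP))[0], end="")
```

A four-part version string with short groups looks like an IPv4 address and will also be aliased, so review the returned alias table before submitting and keep that table out of the submission.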
