-
Notifications
You must be signed in to change notification settings - Fork 3
/
nam.conf
69 lines (64 loc) · 2.94 KB
/
nam.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
; Strippy Config file
; Developed for a 12.4.15 release of DCRUM
;Recurse=true
;InPlace=false
;Silent=false
;MaxThreads=5
[ Config ]
IgnoredStrings="/0:0:0:0:0:0:0:0", "0.0.0.0", "127.0.0.1", "name", "applications", ""
; These settings can use braces to include dynamic formatting:
; {0} = Date/Time at processing
; {1} = NewLine character
; #notimplemented {2} = Depends on context. Name of specific file being processed where relevant otherwise its the name of the Folder/File provided to Strippy
SanitisedFileFirstLine="This file was Sanitised at {0}.{1}{1}"
KeyListFirstLine="This keylist was created at {0}.{1}"
;KeyFileName="Keylist.txt"
;AlternateKeyListOutput=".\keylist.txt"
;AlternateOutputFolder=".\SanitisedOutput"
[ Rules ]
;"Some Regex String here"="Replacement here"
"((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))[^\d]"="Address"
"addr=(.*?)[,&]"="Address"
"\d\sUser (\w+?) "="Username"
"Machine : (.*?); "="Hostname"
"Key User Report : section (.*?) - "="Username"
"Key User Report : section .*? - (.*?) - IP: "="Hostname"
"Key User Report : section .*? - .*? - IP: (.*?)"="Address"
"Received update event \(member (.*?),"="Address"
"user:(.*?)$"="Username"
"Using CSS at address (.*)\."="Address"
"CSSAuthManager - connecting to CSS server ... connection with (.*?):\d\d+ established"="Hostname"
"Request .*?@(.*):\d\d+ hasn't been used since"="Hostname"
"\\\\([\w\-.]*?)\\"="Hostname"
"on CSS located at \[(.*?):\d+\]"="Address"
"User (.*?) logged in from"="User"
"User: (.*?) / .*"="User"
" user: \[?(.*?)\]?,"="User"
"User: .* / (.*)"="User"
"originatingHostname: (.*?),"="Hostname"
"hostname=(.*?),"="Hostname"
"sqlserver:(.*?);\]"="Database"
"URL '(.*?)',"="LDAP"
"LDAP server: (.*?);"="LDAP"
"\[ldap:(.*?)\]"="LDAP"
"Found DN \[(.+?)\] for Service Account"="LDAP"
"FQDN and IP address found via JDK \[(.*?)\] \[.*\]"="FQDN"
"FQDN and IP address found via JDK \[.*?\] \[(.*?)\]"="Address"
"FQDN, NBT, and IP addresses used \{\[(.*?)\]\[.*?\]\} \{\} \{\[.*?\]\}"="FQDN"
"FQDN, NBT, and IP addresses used \{\[.*?\]\[(.*?)\]\} \{\} \{\[.*?\]\}"="NBT"
"FQDN, NBT, and IP addresses used \{\[.*?\]\[.*?\]\} \{\} \{\[(.*?)\]\}"="Address"
"Verified CSS \[\[.*?\]\[(.*?)\]\] in Federation"="FQDN"
"Verified CSS \[\[(.*?)\]\[.*?\]\] in Federation"="FQDN"
"jdbc:(.*?);"="JDBC_URL"
"sqlserver:(.*?);\]"="Database"
"Software service (.*) is (alive|dead)"="SoftwareService"
"Cannot get user (.*?) data from CSS"="User"
"Unable to find user \[(.*)\]"="User"
"<(.+)>: Recipient address rejected: Access denied"="User"
"Collected data for report "(.+) : section .+" from .+ in "="DMIReport"
"Collected data for report ".+ : section (.+)" from .+ in "="DMISection"
"^..CSS .+; user: (.+) "="User"
"User (.+) \(\[.+\]\) on .+ has logged (on\.|OUT)"="User"
"User .+ \(\[(.+)\]\) on .+ has logged (on\.|OUT)"="UserPermissions"
; Rules with the Replacement text of '\delete' processed first and deleted entirely
"^.*resolved to.*$"=\delete