The insanity of sanity. (or am I getting insane?)

What would you say if you were having the following discussion? 

“Help, I have a problem.”
OK, so what is the problem? 
Something doesn’t work.
Sorry, what doesn’t work? 
I can’t tell you, it’s classified.
Can you send me the logs? 
Yes but I have to sanitise them.
Uhhmmm, so this means you’re sending me incomplete logs? 
Yes, I have to remove all references to system names, IP addresses, WWN’s, connection diagrams and everything else that might in the smallest way lead to identification of a system or process.
So basically you can only send me information that has events in them?
Uhmm, yes.
But these cannot tell me anything
Uhmm, yes
So how am I supposed to help you?
By fixing my problem.

And this discussion goes round and round.

I can understand that some information is classified but to sanitise up to a level where even the slightest form of information is yanked through the “sed -r ‘s/”anything which might represent an issue”/”XXXX”/g’ serial editor will most certain elongate any form of a proper analysis and your problem will not be fixed.

Try and determine to which extend you need to sanitise your system dumps and make sure information which is needed to do proper analysis stays in those logs.


Print Friendly, PDF & Email

Subscribe to our newsletter to receive updates on products, services and general information around Linux, Storage and Cybersecurity.

The Cybersecurity option is an OPT-OUT selection due to the importance of the category. Modify your choice if needed.

Select list(s):