mmitch / httpd-log-anon-filter

anonymizing log filter for httpd logs

Ignoring 127.0.0.1 and ::1

Really great tool, thank you for this! One nice little addition would be to be able to not anonymize local access, I guess it could also be used for any other hardcoded whitelisted IP.

Cheers!

You can add this effect by adding these lines directly after the split:

    # Write requests from 127.0.0.1 to the log unchanged and skip anonymization.
    if ($ip eq '127.0.0.1') {
        print $log_fh $line;
        next;
    }

If you do this, you should limit the randomization to subnets that don't intersect your whitelist ranges. Otherwise you won't know if a whitelisted IP in the resulting log was originally a whitelisted IP or another IP that got randomized into the whitelisted range.

As the main purpose of this program is to comply with German data privacy laws, I will not add this feature to the official version. As far as I know, there is no exception in the law for local IP ranges or local users. The “you are not allowed to log IP addresses as they are sensitive personal data” is universal (unless of course all of your users consent to logging the IP addresses, but then you would not need this program in the first place).

I hope the proposed change works for you anyways.
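An added example, not from the thread or the project's code: a pass-through for whitelisted ranges (IPv4 and IPv6) combined with a start-up check that no randomization range intersects them, which is the condition described above. The range lists, the `@random_ranges` name and the assumption that the IP is the first field of each line are hypothetical; the log lines are constructed.

```perl
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Hypothetical values, not taken from the project.
my @whitelist     = ('127.0.0.0/8', '::1/128');   # logged unchanged
my @random_ranges = ('10.0.0.0/8', 'fd00::/8');   # where randomized IPs may land

# "addr" or "addr/len" -> (family, network prefix as a string of 0/1 bits).
# Returns an empty list if the input is not an IP address.
sub prefix_bits {
    my ($cidr) = @_;
    my ($addr, $len) = split m{/}, $cidr, 2;
    my $family = $addr =~ /:/ ? AF_INET6 : AF_INET;
    my $packed = inet_pton($family, $addr);
    return unless defined $packed;
    my $bits = unpack 'B*', $packed;
    $len = length $bits unless defined $len;
    return ($family, substr($bits, 0, $len));
}

# Two ranges intersect exactly when one prefix is a prefix of the other.
sub ranges_intersect {
    my ($fa, $pa) = prefix_bits($_[0]);
    my ($fb, $pb) = prefix_bits($_[1]);
    return 0 unless defined $fa && defined $fb && $fa == $fb;
    my $n = length($pa) < length($pb) ? length($pa) : length($pb);
    return substr($pa, 0, $n) eq substr($pb, 0, $n) ? 1 : 0;
}

sub is_whitelisted {
    my ($ip) = @_;
    return scalar grep { ranges_intersect($ip, $_) } @whitelist;
}

# Refuse to start if a randomized IP could be mistaken for a whitelisted one.
for my $allow (@whitelist) {
    for my $rand (@random_ranges) {
        die "randomization range $rand intersects whitelist entry $allow\n"
            if ranges_intersect($allow, $rand);
    }
}

while (my $line = <DATA>) {
    my ($ip) = split ' ', $line, 2;   # assumption: IP is the first field
    my $tag = is_whitelisted($ip) ? 'KEEP' : 'ANON';   # ANON: the filter would randomize here
    print "$tag $line";
}
__DATA__
127.0.0.1 - - [01/Jan/2024:00:00:01 +0000] "GET /server-status HTTP/1.1" 200 512
::1 - - [01/Jan/2024:00:00:02 +0000] "GET /health HTTP/1.1" 200 2
203.0.113.7 - - [01/Jan/2024:00:00:03 +0000] "GET / HTTP/1.1" 200 1024
2001:db8::5 - - [01/Jan/2024:00:00:04 +0000] "GET / HTTP/1.1" 200 1024
```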

> As far as I know, there is no exception in the law for local IP ranges or local users.

Probably true, I was just making the point that they're not really users in most situations, just other services running on the server for whatever reason. Anyway, thanks a lot for your help!