Remove PII from log files with 95+ detection patterns
LogScrub's text file scrubber is designed for server logs, application logs, debug output, and any plain text files that may contain sensitive information. With over 90 built-in detection patterns, it automatically finds and replaces personally identifiable information.
| Network & Infrastructure | ||
| Pattern | Example Match | Replacement |
|---|---|---|
| IPv4 Addresses | 192.168.1.100 |
[IP-1] |
| IPv6 Addresses | 2001:db8::1 |
[IPv6-1] |
| MAC Addresses | 00:1A:2B:3C:4D:5E |
[MAC-1] |
| Hostnames | server01.internal.corp |
[HOST-1] |
| URLs with Credentials | https://user:pass@host.com |
[URL-CRED-1] |
| Personal Identifiers | ||
| Email Addresses | john.doe@company.com |
[EMAIL-1] |
| Phone Numbers | +1 (555) 123-4567 |
[PHONE-1] |
| SSN (US) | 123-45-6789 |
[SSN-1] |
| Credit Card Numbers | 4111-1111-1111-1111 |
[CC-1] |
| Secrets & Credentials | ||
| API Keys | sk_live_abc123... |
[API-KEY-1] |
| AWS Access Keys | AKIAIOSFODNN7EXAMPLE |
[AWS-KEY-1] |
| JWT Tokens | eyJhbGciOiJIUzI1NiIs... |
[JWT-1] |
| Private Keys | -----BEGIN RSA PRIVATE KEY----- |
[PRIVATE-KEY-1] |
| Connection Strings | mongodb://user:pass@host |
[CONN-STR-1] |
And 75+ more patterns for UUIDs, dates, file paths, usernames, and industry-specific identifiers.
192.168.1.105 - john.doe [15/Jan/2024:10:30:00] "GET /api/users?email=jane@corp.com HTTP/1.1" 200 1234 "Mozilla/5.0"
[IP-1] - [USER-1] [15/Jan/2024:10:30:00] "GET /api/users?email=[EMAIL-1] HTTP/1.1" 200 1234 "Mozilla/5.0"
2024-01-15 10:30:00 [DEBUG] Connecting to database... Host: db.internal.company.net User: admin_user API Key: sk_live_4eC39HqLyjWDarjtT1zdp7dc 2024-01-15 10:30:01 [INFO] User john@example.com logged in from 10.0.0.55
2024-01-15 10:30:00 [DEBUG] Connecting to database... Host: [HOST-1] User: [USER-1] API Key: [API-KEY-1] 2024-01-15 10:30:01 [INFO] User [EMAIL-1] logged in from [IP-1]
Error: Connection refused at /home/jsmith/projects/api/src/db.js:42 at /home/jsmith/projects/api/node_modules/pg/lib/client.js:123 ConnectionString: postgresql://dbuser:s3cr3t@192.168.1.50:5432/prod
Error: Connection refused at [PATH-1]/src/db.js:42 at [PATH-1]/node_modules/pg/lib/client.js:123 ConnectionString: [CONN-STR-1]
When enabled, the same original value always gets the same replacement. If 192.168.1.100 becomes [IP-1], every occurrence in the file will use [IP-1]. This preserves data relationships and makes the output easier to analyze.
Add your own detection patterns for company-specific identifiers:
Pattern: EMP-\d{6}
Label: EMPLOYEE-ID
Example: EMP-123456 → [EMPLOYEE-ID-1]
LogScrub analyzes your file and suggests additional patterns it detects. Click to add them to your active rules.
Offset all timestamps in your logs by a fixed amount to obscure when events occurred:
2024-01-15 10:30:00 [INFO] Server started 2024-01-15 10:30:05 [INFO] Ready
2024-01-16 10:30:00 [INFO] Server started 2024-01-16 10:30:05 [INFO] Ready
Download a mapping file showing all replacements made. Useful for reverse lookups when investigating issues:
{
"IP-1": "192.168.1.100",
"IP-2": "10.0.0.55",
"EMAIL-1": "john@example.com"
}
.log - Standard log files.txt - Plain text files.out - Command output files.err - Error logs.debug - Debug output.gz - Gzip-compressed text files (auto-extracted).zip - ZIP archives containing text files