Scrub emails out of an access log and note affected emails in scrubbed_text.txt

cleanlog.sh

##
# Clean passwords out of access logs.
# Be sure to update the LOG_FILE line to match the location of your log file.
# This will edit your log files. You can back it up and then delete the backup if this works.
# This will also create a file scrubbed_emails.txt with a list of affected emails.
# This requires that both the password and password2 fields be in the logs.
# If you don't have password2 fields, edit the script to use the field that comes after password in your logs.
##
#!/bin/bash

LOG_FILE="access.log" # Replace with your actual log file name
EMAIL_LOG_FILE="scrubbed_emails.txt"

# Ensure the email log file exists
touch $EMAIL_LOG_FILE

# Process each line
while IFS= read -r line; do
    if echo "$line" | grep -q "checkout_levels.*password="; then
        # Extract the email and password
        email=$(echo $line | grep -oP 'bemail=\K[^&\s]*')
        password=$(echo $line | grep -oP 'password=\K(.*?)(?=&password2=)')
        password2=$(echo $line | grep -oP 'password2=\K(.*?)(?=&bemail=)')

        # Append the email to the email log file
        echo $email >> $EMAIL_LOG_FILE

        # Replace the line in the log file
        escaped_password=$(echo $password | sed 's/[]\/$*.^|[]/\\&/g')
        escaped_password2=$(echo $password2 | sed 's/[]\/$*.^[]/\\&/g')
        find_string="password=$escaped_password&password2=$escaped_password2"
        replace_string="password=SCRUBBED&password2=SCRUBBED"

        sed -i "s~$find_string~$replace_string~g" $LOG_FILE

    fi
done < "$LOG_FILE"