EDR Log Scrubbing/Sanitizing
Article ID: 290424

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Does Carbon Black have a script to scrub server diags of information such as the server name and IP addresses?
  • Are there any steps to scrub the cbdiag while keeping it useful for Support?

Environment

  • EDR Server: All Versions

Resolution

  • There are no scripts available at this time.
  • Support can provide some commands to clear some private information. The security team should still review the scrubbed cbdiag before it is sent to Support.
    • Sanitize the hostname and IP addresses

      1. Collect the server cbdiag.
      2. Unzip the cbdiag (if unzip is not installed, run yum install unzip):
        unzip cbdiag*
      3. cd into the unzipped cbdiag directory:
        cd cbdiag*
      4. Gunzip the log files:
        gunzip -r var/log/cb/*
      5. If there is a sensor connection issue, get the IP of that sensor and run the following command. It replaces that IP with Sensor1, so Support can still follow what happens to that sensor in the nginx logs after the remaining IPs are scrubbed (escape the dots so they match literally, rather than any character):
        find ./var/log/cb/ -type f -exec sed -i 's/<ipaddress here>/Sensor1/g' {} \;
      6. For example, if the sensor IP is 192.168.108.111:
        find ./var/log/cb/ -type f -exec sed -i 's/192\.168\.108\.111/Sensor1/g' {} \;
      7. Do this for two example machines if possible, using Sensor2 for the second.
      8. Run the following command to replace all remaining IP addresses across all cbdiag files with "scrubbed". Note that the pattern matches any dotted quad, so version strings of the same shape are replaced as well:
        find ./ -type f -exec sed -i -e 's/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/scrubbed/g' {} \;
      9. Replace the hostname with "myhost":
        find ./ -type f -exec sed -i 's/<hostnamehere>/myhost/g' {} \;
      10. For example, if the hostname is CbResponse: some files store it in lower case, so use bracket expressions such as [Cc] to match either case. The following finds both CbResponse and cbresponse:
        find ./ -type f -exec sed -i 's/[Cc]b[Rr]esponse/myhost/g' {} \;
    • Removing User Info
      1. rm -f cb_services/pgsql/cb_user.csv
      2. rm -rf var/log/cb/audit*
      3. rm -rf var/log/audit*
      4. find ./ -type f -exec sed -i -e 's/user[^ ]* /userscrub/g' {} \;
    • Zip the cbdiag file again
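The hostname and IP steps above, combined into one script as an added example (not part of the KB article or the Carbon Black product): the sensor IP is escaped before it goes into sed, the case-insensitive hostname pattern is generated from the literal name instead of being typed by hand, the steps run in the order the KB requires, and a final grep counts any dotted quads left over for the security review. The cbdiag layout (var/log/cb under the unzipped directory) is taken from the KB; the sample tree, hostname and addresses are constructed.

```shell
# Added example, not from the KB: steps 5, 8 and 10 as one pass, with the
# sensor IP's dots escaped, a case-insensitive hostname pattern built from the
# literal name ([Cc]b[Rr]esponse generalised) and a leftover-IP check.

# Literal string -> case-insensitive bracket pattern: CbResponse -> [Cc][Bb][Rr]...
ci_pattern() {
  s=$1 out=''
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}; s=${s#?}                     # peel off the first character
    case $c in
      [A-Za-z]) out="$out[$(printf %s "$c" | tr a-z A-Z)$(printf %s "$c" | tr A-Z a-z)]" ;;
      .)        out="$out\\." ;;                   # dots in an FQDN must stay literal
      *)        out="$out$c" ;;
    esac
  done
  printf '%s' "$out"
}

# Apply one sed expression to every regular file under DIR via a temp file
# (GNU and BSD sed disagree on the -i syntax, so -i is avoided).
sed_tree() {  # sed_tree DIR EXPR
  find "$1" -type f ! -name '*.tmp' | while IFS= read -r f; do
    sed -e "$2" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
  done
}

# KB order matters: rename the named sensor first, otherwise the blanket
# IP scrub turns it into just another "scrubbed" entry.
scrub_cbdiag_tree() {  # scrub_cbdiag_tree DIR SENSOR_IP HOSTNAME
  ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed_tree "$1/var/log/cb" "s/$ip_re/Sensor1/g"
  sed_tree "$1" 's/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/scrubbed/g'
  sed_tree "$1" "s/$(ci_pattern "$3")/myhost/g"
}

# Review check before sending to Support: count dotted quads left anywhere.
remaining_ips() {
  grep -rEo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' "$1" | wc -l | tr -d ' '
}

# Constructed sample standing in for a real cbdiag: an nginx log and a server info file.
make_sample() {
  mkdir -p "$1/var/log/cb/nginx"
  printf '%s\n' '192.168.108.111 "POST /sensor/checkin" 200' \
    '10.20.30.40 "POST /sensor/checkin" 502' > "$1/var/log/cb/nginx/access.log"
  printf '%s\n' 'Server: CbResponse (cbresponse.example.local) 172.16.5.9' > "$1/cb_server.txt"
}

demo=$(mktemp -d)
make_sample "$demo"
scrub_cbdiag_tree "$demo" 192.168.108.111 CbResponse
cat "$demo/var/log/cb/nginx/access.log" "$demo/cb_server.txt"
```

Running it leaves the named sensor as Sensor1, every other address as scrubbed and both spellings of the hostname as myhost, with remaining_ips reporting 0.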