First, let me say I'm not a coder. I had need to share my router log file with someone to review, but I wanted to strip out "sensitive" information first. So I spent time with ChatGPT having it create a tool to do the job. It took a good 2 hours of back-and-forth and in the end it needed to be split into to files to work reliably due to some apparent BusyBox constraints. I thought it might be useful to at least some of you, but don't rely on the output without careful review at least the first time. You'll notice I had things like Tivo information in my log. You very well may have other types of sensitive information in your logs depending on your setup, so you've been warned. Trust but verify.
There's no warranty, and I really can't help you edit the code other than to say if you copy it and paste it into ChatGPT it should then be able to provide edits to handle other situations.
Good luck.
Asuswrt-Merlin Log Sanitizer
Safely share your router logs without leaking personal data
Version: 1.9.11 (2025-11-12)
Tested on: GT-AX11000 (Merlin 3004.388.10_2), RT-AX88U Pro, RT-AC68U <<==I only tested on GT-AX11000. ChatGPT might have hallucinated the other two models' testing
---
Purpose
When posting to SNBForums or Reddit for troubleshooting, your `/tmp/syslog.log` may contain sensitive information (IP addresses, MACs, DDNS names, etc.).
This sanitizer automatically redacts private data while keeping technical context intact — so others can help you debug safely.
---
What It Does
Everything diagnostic (RSSI, firmware version, MTU, cipher, etc.) stays visible.
---
Files
---
Installation
1. Enable JFFS scripts
Administration → System → Enable JFFS custom scripts = Yes
(reboot once if newly enabled)
2. Copy both files to your router:
3. Make them executable:
4. Run it:
---
Output
All results go to `/tmp/`:
Example run:
---
Verification
Every run automatically checks for:
• Unredacted credentials or domains
• Missed ACME or DDNS tokens
• Residual fingerprints
Output shows:
If anything’s missed, it lists the lines for you to review.
---
Benefits
✔ Keeps router data private before public posting
✔ Works entirely on-device — no external upload
✔ Maintains technical info for troubleshooting
✔ Compatible with BusyBox 1.25+ (Merlin default)
✔ Tested on multiple models and firmware versions <<==ChatGPT said this but I'm not sure how that's true. I have one model and one Merlin FW, 3004.388.10_2.
---
Optional Shortcut
You can add an alias for convenience:
Then just type:
---
---
Download
Download both and remove the .txt extension, save them to your router, and make executable.
No external dependencies required — everything runs locally.
---
There's no warranty, and I really can't help you edit the code other than to say if you copy it and paste it into ChatGPT it should then be able to provide edits to handle other situations.
Good luck.
Asuswrt-Merlin Log SanitizerSafely share your router logs without leaking personal data
Version: 1.9.11 (2025-11-12)
Tested on: GT-AX11000 (Merlin 3004.388.10_2), RT-AX88U Pro, RT-AC68U <<==I only tested on GT-AX11000. ChatGPT might have hallucinated the other two models' testing
---
Purpose
When posting to SNBForums or Reddit for troubleshooting, your `/tmp/syslog.log` may contain sensitive information (IP addresses, MACs, DDNS names, etc.).
This sanitizer automatically redacts private data while keeping technical context intact — so others can help you debug safely.
---
What It Does
| Category | Action |
|---|---|
| IP addresses | → replaced with IP_1, IP_2, etc. |
| MAC addresses | → replaced with MAC_# |
| Hostnames / DDNS / domains | → replaced with HOST_# |
| Emails | → replaced with EMAIL_# |
| Wi-Fi SSIDs | → numbered (SSID_1, SSID_2, ...) |
| DHCP hostnames | → numbered (DHCP_HOST_1, DHCP_HOST_2, ...) |
| VPN names | → numbered (VPN_1, VPN_2, ...) |
| Usernames (SSH/OpenVPN) | → [REDACTED_USER] |
| Certificates, keys, thumbprints | → [REDACTED_*] |
| Authorization headers & tokens | → [REDACTED] |
| SSH fingerprints | → [REDACTED_FINGERPRINT] |
| Interface names | Kept visible (e.g., eth0, wl1.2, tun11) |
Everything diagnostic (RSSI, firmware version, MTU, cipher, etc.) stays visible.
---
Files
| File | Purpose |
|---|---|
| /jffs/scripts/sanitize_logs.sh | Shell wrapper — orchestrates backup, run, and verification |
| /jffs/scripts/sanitize_logs.awk | AWK engine — performs the actual redactions |
---
Installation
1. Enable JFFS scripts
Administration → System → Enable JFFS custom scripts = Yes
(reboot once if newly enabled)
2. Copy both files to your router:
Code:
/jffs/scripts/sanitize_logs.sh
/jffs/scripts/sanitize_logs.awk3. Make them executable:
Code:
chmod +x /jffs/scripts/sanitize_logs.sh
chmod 644 /jffs/scripts/sanitize_logs.awk4. Run it:
Code:
/jffs/scripts/sanitize_logs.sh---
Output
All results go to `/tmp/`:
| File | Purpose |
|---|---|
| syslog_original_<timestamp>.log | Original backup (unmodified) |
| syslog_sanitized_<timestamp>.log | Clean version — safe to share |
| syslog_map_<timestamp>.txt | Private mapping (for your reference only) |
| syslog_counts_<timestamp>.txt | Redaction counts per category |
Example run:
Code:
sanitize_logs.sh v1.9.11 (2025-11-12)
Original log backed up to /tmp/syslog_original_20251112-1110.log
Sanitizing /tmp/syslog.log ...
✅ Verification passed: no unredacted sensitive strings detected.
Summary of redactions:
EMAIL: 2
MAC: 46
IP: 38
HOST: 4
SSID: 3
DHCP_HOST: 2---
Verification
Every run automatically checks for:
• Unredacted credentials or domains
• Missed ACME or DDNS tokens
• Residual fingerprints
Output shows:
Code:
✅ Verification passed: no unredacted sensitive strings detected.If anything’s missed, it lists the lines for you to review.
---
Benefits
✔ Keeps router data private before public posting
✔ Works entirely on-device — no external upload
✔ Maintains technical info for troubleshooting
✔ Compatible with BusyBox 1.25+ (Merlin default)
✔ Tested on multiple models and firmware versions <<==ChatGPT said this but I'm not sure how that's true. I have one model and one Merlin FW, 3004.388.10_2.
---
Optional Shortcut
You can add an alias for convenience:
Code:
echo "alias sanitize='/jffs/scripts/sanitize_logs.sh'" >> /jffs/configs/profile.add
Code:
sanitize---
---
Download
Download both and remove the .txt extension, save them to your router, and make executable.
No external dependencies required — everything runs locally.
---
