I have found some solutions to anonymize IP in nginx log - like this Anonymize IP logging in nginx?

But this will strip IP to C-subnet. Thats too much. For my purposes and GDPR compilant is in my opinion enough if the last octet of IP will be divided by 2, floored and multiplied by 2 to again. So IP will not be exact.

Can be done this in nginx / map. I did not have any luck yet.

Have a look to another law before doing this, if your website is hosted in the EU, the UE Directive 2002/58/EC requires you to store the real IP addresses between 6 month and 2 years, depending on your country within EU.

If you are hosting your website in the EU, what anonymising or pseudonimising IP adresses is only allowed after a time.

So i have answer, not pure nginx, using compiled perl.

nginx.conf

load_module /usr/local/libexec/nginx/ngx_http_perl_module.so;

(depends on OS - this is on freebsd)

in httpd {

perl_set $remote_addr_anon 'sub {

    use POSIX;

    my $r = shift;
    my $str = $r->remote_addr;
    my @ex = split(/\./, $str);

    if ( scalar @ex == 4 ) {

            my $anon_ip = @ex[0] . "." . @ex[1] . "." . @ex[2] . "." . (floor(@ex[3]/2)*2) ;

            return $anon_ip;
    } else {

            return "IPv6"
    }
}'; 

log_format anonymized '$remote_addr_anon - $remote_user [$time_local] ' 
'"$request" $status $body_bytes_sent ' 
'"$http_referer" "$http_user_agent"';

And then use anonymized access log format in access_log.

I dont use IPv6 so dont care about it. If you purify this, you can, I'm not familiar with perl.