Hi,

As someone who operates systems where privacy is desired by their users, I have found this patch very useful. In fact, I found it so useful that I did the initial port of this patch to syslog-ng 2.

I was told things when I submitted it like "well, all of those apps you use should strip the data instead". It is very inconvenient (and if you use commercial software, impossible) to patch a bunch of daemons (the average server can have 30 or more daemons running!) when instead you can strip the information out in the log instead.

Other people told me things like "well, why do they need privacy? clearly they are doing something _wrong_ if they need privacy," and well, that's not the case either.

Besides the rationale that Micah mentioned for this patch, consider the case where a system gets compromised by spammers (ok, really, this shouldn't happen, but in reality, it does - usually due to upstream vendors not getting patches out in time), the syslogs commonly contain e-mail traffic information, which may not be desirable in the hands of spammers. Having the option to implement a policy which avoids retaining data would also have the benefit of avoiding a situation like the one I describe.

At a minimum, I would suggest providing a pointer to this patch.

Also, on another note, Debian has included this patch for some time, which means that it's theoretically proven to be reliable.

William

On Fri, 2007-11-30 at 14:03 -0500, Micah Anderson wrote:
Hello,
A couple years ago this patch was submitted to the list for consideration for inclusion into syslog-ng. I am writing this email again to request that it be considered again. The patch provides a simple replace which enables you to strip out IP addresses from your logs before they are written to disk. The patch has been included in the Debian stable distribution, and currently is included in both Debian Sid and Lenny (unstable and testing). It has had a very wide testing base and is non-intrusive, it has existed since 2004 and has been adapted to work with the newer syslog-ng. The goal of this patch is to give an organization the means to implement site logging policies, by allowing for easy control over exactly what data is retained in the logfiles.
When I first requested consideration for inclusion the reactions were some suggestions for improvement (which were done), some side discussions about the various states of data retention laws, and a general agreement that this patch is non-intrusive and had a valid use case (at least in the U.S., but also likely in other countries as well[0]).
The side-discussions about data-retention laws were mostly around specific geographic localities that were considering laws that would make stripping of addresses illegal, or had already mandated such things. Although these were interesting discussions, as EU data retention laws would prohibit many people from making such configuration changes to their syslog-ng.conf, they were tangential to the point because this patch does not cause those to break such laws.
On the other side of the pond, in the U.S., the EFF[1] has made it very clear that this mechanism of anonymizing logs is perfectly (a) legal in the U.S., and (b) advisable. There are many instances where it is preferable to keep less information on users than is collected by default on many systems. In the United States it is not currently required to retain data on users of a server, but you may be required to provide all data on a user which you have retained. OSPs can protect themselves from legal hassles and added work by choosing what data they wish to retain. The current climate in the U.S. makes this problem so much more important now than it was many years ago.
Having the ability to implement a site-policy that enables an organization to decide if the trade-off between privacy and analysis is worthwhile. This patch allows organizations to have that choice if they feel that it is more important to avoid retaining sensitive data rather than having a full history of everything logged.
Please accept this patch[2],

Micah
[0] EPIC International Data Retention Page http://www.epic.org/privacy/intl/data_retention.html
[1] The EFF is the major civil liberties internet watchdog in the US, their "Best Practices for Online Service Providers" can be found here: http://www.eff.org/osp, they explicitly link to our patch as a recommendation
[2] The latest patch can be found at https://code.autistici.org/trac/privacy/browser/trunk/syslog-ng
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html