[syslog-ng] [PATCH] anonymizing filter

Micah Anderson micah at riseup.net
Fri Nov 30 20:03:09 CET 2007


Hello,

A couple years ago this patch was submitted to the list for
consideration for inclusion into syslog-ng. I am writing this email
again to request that it be considered again. The patch provides a
simple replace which enables you to strip out IP addresses from your
logs before they are written to disk. The patch has been included in the
Debian stable distribution, and currently is included in both Debian Sid
and Lenny (unstable and testing). It has had a very wide testing base
and is non-intrusive; it has existed since 2004 and has been adapted to
work with the newer syslog-ng. The goal of this patch is to give an
organization the means to implement site logging policies, by allowing
for easy control over exactly what data is retained in the logfiles.

When I first requested consideration for inclusion the reactions were
some suggestions for improvement (which were done), some side
discussions about the various states of data retention laws, and a
general agreement that this patch is non-intrusive and had a valid use
case (at least in the U.S., but also likely in other countries as
well[0]).

The side-discussions about data-retention laws were mostly around
specific geographic localities that were considering laws that would
make stripping of addresses illegal, or had already mandated such
things. Although these were interesting discussions, as EU data
retention laws would prohibit many people from making such configuration
changes to their syslog-ng.conf, they were tangential to the point
because this patch does not cause those to break such laws.

On the other side of the pond, in the U.S., the EFF[1] has made it very
clear that this mechanism of anonymizing logs is perfectly (a) legal in
the U.S., and (b) advisable. There are many instances where it is
preferable to keep less information on users than is collected by
default on many systems. In the United States it is not currently
required to retain data on users of a server, but you may be required to
provide all data on a user which you have retained. OSPs can protect
themselves from legal hassles and added work by choosing what data they
wish to retain. The current climate in the U.S. makes this problem so
much more important now than it was many years ago.
 
Having the ability to implement a site-policy enables an
organization to decide if the trade-off between privacy and analysis is
worthwhile. This patch allows organizations to have that choice if they
feel that it is more important to avoid retaining sensitive data rather
than having a full history of everything logged.

Please accept this patch[2],
Micah

[0] EPIC International Data Retention Page 
http://www.epic.org/privacy/intl/data_retention.html

[1] The EFF is the major civil liberties internet watchdog in the
US; their "Best Practices for Online Service Providers" can be found
here: http://www.eff.org/osp. They explicitly link to our patch as a
recommendation.

[2] The latest patch can be found at
https://code.autistici.org/trac/privacy/browser/trunk/syslog-ng


-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslog-ng-anon-2.0.5.diff
Type: text/x-diff
Size: 10236 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20071130/be231e47/attachment-0001.diff 