What is your log policy?


#1

Continuing the discussion from Host provider -----------:

Well they’re not. The GDPR says it’s fine to “forget” about users, while the French law says you must keep all connection data for at least one year. In this condition, I host outside France, and “forget” to log IPs. In the past I had /var/log mounted at a tmpfs, so a reboot or seizure of the hardware would erase the logs. That’s the best solution IMO, except for legal reasons. What’s your log policy?


#2

aktivix has this page
https://lists.aktivix.org/
does that count as log policy?


#3

Hey @anap, this counts as a log policy, but I had in mind to develop on implemented solutions. What’s the minimum legal logs that are imposed to all the signatories of this wonderful policy, and how to implement those? Can you develop on the implementation stack?

BTW, the sentence “This is exactly what is happening no with your email…” should read “now with…”

E.g.,

  • centralized logs using rsyslog
  • log anonymization
  • ansible playbooks
  • k8s manifests