Do you keep access logs? How long do you keep them?

I imagine that if you ever got a request, you’d understandably just give in and hand out the data. Have you thought of a canary?

Thanks for all your work!

  • snowe@programming.devM
    link
    fedilink
    arrow-up
    78
    ·
    edit-2
    10 months ago

    I’m not in the business of collecting user data and don’t really want to be. In regards to logs, we restart our containers every 6 hours and the logs are wiped at that time, so the furthest back logs I can actually find in our system are from an hour ago.

    And nah, I wouldn’t give in. There’s no real reason to request that information, as accessing a url means absolutely nothing. I did so just now to verify things and the same could be argued by any real user (oh, I clicked on the link and didn’t know what it was going to). I very much doubt the past 6 hours of logs would be useful anyway, as by the time I got the request the logs wouldn’t matter anymore.

    But, I’m still going to see if I can turn off logging for requests. I do not think we need them at all, and if we do, we can simply turn it on for a few minutes to get the info we need.