Should logs in /var/webmin be auto-managed?

Can you share the link to the patch?

1 Like

Have you considered how long logs should be kept for europe GDPR and NIS2 rules?

regards
Jan

These have nothing to do with GDPR. It’s not storing personal information.

I don’t know anything about NIS2, but if you have compliance requirements, presumably you have a logrotate configuration that does what you need, and you just need to configure Webmin not to clear logs and add it to your existing log rotation config.

You need to read the full legislation
a line from the logs such as

83.105.54.10 - tracey [22/Sep/2024:06:46:04 +0000] "GET /virtual-server/wizard.cgi?step=5 HTTP/1.1" 200 5300 

would come under the legislation as it contains an IP address and a personal identifier

What are identifiers and related factors?
An individual is ‘identified’ or ‘identifiable’ if you can distinguish them from other individuals.
A name is perhaps the most common means of identifying someone. However whether any potential identifier actually identifies an individual depends on the context.
A combination of identifiers may be needed to identify an individual.
The UK GDPR provides a non-exhaustive list of identifiers, including:
name;
identification number;
location data; and
an online identifier.
‘Online identifiers’ includes IP addresses and cookie identifiers which may be personal data.
Other factors can identify an individual.

resourced from here

Who knows? We didn’t even know they existed let alone their content
.
I presume a log is created for a reason and documented somewhere.

Who is “we”?

Webmin has had access logs from the beginning, like pretty much all web servers (and in basically the same format).

Action logging is only about 20 years old, though:

If you think it’s a secret or undocumented, you’re trying really hard to remain in the dark about it.

Don’t know why you are replying to me I think this was directed to @Stegan

1 Like

Oops. I got distracted. :man_shrugging:

@MrPete and myself and potentially many other *min users who have not looked deep enough

In the same folder, the /diffs, /output have stuff going back to the install date. Not sure what the purpose is for /modules?

It’s var for Webmin modules. (var is for mutable data, logs, caches, etc.).

So should also be cleaned occasionally?

No. At least not the modules we maintain.

but if they are “maintained” therefore required/important why are they so old?