Should logs in /var/webmin be auto-managed?

Ilia · July 3, 2025, 10:13pm

Can you share the link to the patch?

Jamie · July 3, 2025, 10:15pm

Linulex · July 6, 2025, 2:06am

Have you considered how long logs should be kept for europe GDPR and NIS2 rules?

regards
Jan

Joe · July 6, 2025, 4:56am

These have nothing to do with GDPR. It’s not storing personal information.

I don’t know anything about NIS2, but if you have compliance requirements, presumably you have a logrotate configuration that does what you need, and you just need to configure Webmin not to clear logs and add it to your existing log rotation config.

jimr1 · July 6, 2025, 5:47am

You need to read the full legislation
a line from the logs such as

83.105.54.10 - tracey [22/Sep/2024:06:46:04 +0000] "GET /virtual-server/wizard.cgi?step=5 HTTP/1.1" 200 5300

would come under the legislation as it contains an IP address and a personal identifier

What are identifiers and related factors?
An individual is ‘identified’ or ‘identifiable’ if you can distinguish them from other individuals.
A name is perhaps the most common means of identifying someone. However whether any potential identifier actually identifies an individual depends on the context.
A combination of identifiers may be needed to identify an individual.
The UK GDPR provides a non-exhaustive list of identifiers, including:
name;
identification number;
location data; and
an online identifier.
‘Online identifiers’ includes IP addresses and cookie identifiers which may be personal data.
Other factors can identify an individual.

resourced from here

Stegan · July 6, 2025, 7:13am

Who knows? We didn’t even know they existed let alone their content
.
I presume a log is created for a reason and documented somewhere.

Joe · July 6, 2025, 7:55am

Who is “we”?

Webmin has had access logs from the beginning, like pretty much all web servers (and in basically the same format).

Action logging is only about 20 years old, though:

If you think it’s a secret or undocumented, you’re trying really hard to remain in the dark about it.

jimr1 · July 6, 2025, 7:57am

Don’t know why you are replying to me I think this was directed to @Stegan

Joe · July 6, 2025, 8:10am

Oops. I got distracted.

Stegan · July 6, 2025, 10:05am

@MrPete and myself and potentially many other *min users who have not looked deep enough

Randomz · July 8, 2025, 2:46am

In the same folder, the /diffs, /output have stuff going back to the install date. Not sure what the purpose is for /modules?

Joe · July 8, 2025, 3:52am

It’s var for Webmin modules. (var is for mutable data, logs, caches, etc.).

Randomz · July 8, 2025, 7:23am

So should also be cleaned occasionally?

Joe · July 8, 2025, 7:24am

No. At least not the modules we maintain.

Stegan · July 8, 2025, 8:32am

but if they are “maintained” therefore required/important why are they so old?