Can you share the link to the patch?
Have you considered how long logs should be kept for europe GDPR and NIS2 rules?
regards
Jan
These have nothing to do with GDPR. It’s not storing personal information.
I don’t know anything about NIS2, but if you have compliance requirements, presumably you have a logrotate
configuration that does what you need, and you just need to configure Webmin not to clear logs and add it to your existing log rotation config.
You need to read the full legislation
a line from the logs such as
83.105.54.10 - tracey [22/Sep/2024:06:46:04 +0000] "GET /virtual-server/wizard.cgi?step=5 HTTP/1.1" 200 5300
would come under the legislation as it contains an IP address and a personal identifier
What are identifiers and related factors?
An individual is ‘identified’ or ‘identifiable’ if you can distinguish them from other individuals.
A name is perhaps the most common means of identifying someone. However whether any potential identifier actually identifies an individual depends on the context.
A combination of identifiers may be needed to identify an individual.
The UK GDPR provides a non-exhaustive list of identifiers, including:
name;
identification number;
location data; and
an online identifier.
‘Online identifiers’ includes IP addresses and cookie identifiers which may be personal data.
Other factors can identify an individual.
Who knows? We didn’t even know they existed let alone their content
.
I presume a log is created for a reason and documented somewhere.
Who is “we”?
Webmin has had access logs from the beginning, like pretty much all web servers (and in basically the same format).
Action logging is only about 20 years old, though:
If you think it’s a secret or undocumented, you’re trying really hard to remain in the dark about it.
Don’t know why you are replying to me I think this was directed to @Stegan
Oops. I got distracted.
@MrPete and myself and potentially many other *min users who have not looked deep enough
In the same folder, the /diffs, /output have stuff going back to the install date. Not sure what the purpose is for /modules?
It’s var
for Webmin modules. (var
is for mutable data, logs, caches, etc.).
So should also be cleaned occasionally?
No. At least not the modules we maintain.
but if they are “maintained” therefore required/important why are they so old?