On 2014-08-26 14:28:48 -0700, Antoine Beaupré wrote:
> Apache, at least in Wheezy, seems to be configured by default to keep 52
> log files, rotated on a weekly basis, meaning that logs are kept for a
> year.
>
> This is a long time to keep logs. It exposes our users unduly to
> surveillance and privacy breaches.

Not your users, but people who connect to the web server. But the
French law requires (required?) / advises to keep the logs for one
year. There's a discussion in French here:

  http://forum.ovh.com/archive/index.php/t-47594.html

Basically this is needed when:
  * Users can create contents.
  * In case of security breach, when someone can do bad things
    via Apache only.

> It also means a lot of data to keep on disk for busy webservers. For any
> moderately to high traffic webserver, this can actually fill up /var
> pretty fast. For example, a server with an average of 12 hits per
> second:
>
> http://stats.koumbit.net/koumbit.net/ceres.koumbit.net/apache_accesses.html
>
> ... accumulates around 30MB *per day*. That means 11GB per year.

Everyone says that disk space is cheap. So, this is a very poor
argument.

Moreover old logs are compressed, so that it isn't 11GB per year,
but much smaller. With gzip compression (which is not very good),
I get more than a 10x compression. So, in practice, 30 MB per day
would mean around 1 GB of disk space on the previous default of
one year, possibly less.

> I suspect the default partitioning would not allocate enough space
> for /var at all on most systems to cover for that.

By default, the Debian installer creates a single partition (unless
this has changed recently).

> I would suggest following the policies set for /var/log/syslog, which
> are rotate daily and keep 7 days.

Not everyone has such a busy webserver.

IMHO, the default log rotation should be changed back to 1 year,
at least to protect users in case of legal matters. Alternatively,
size-based log rotation could be used, e.g. with:

  rotate 15
  size 100M

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
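
The following is an added example, not part of the original message or of the Debian apache2 package. It compares how many days of rotated history, and how much compressed disk space, each rotation policy mentioned in the thread keeps for a given daily log volume. Assumptions: constant traffic, logrotate runs once a day, every rotated file is compressed at the 10x gzip ratio reported above; all function names are illustrative.

```python
# Added example: compares the rotation policies discussed in this thread.
# Assumptions (not from the thread): constant traffic, logrotate runs once
# a day, every rotated file is compressed. The 10x ratio is the gzip figure
# reported in the message above. Function names are illustrative.

def time_policy(daily_mb, period_days, rotate, ratio=10.0):
    """Time-based rotation (daily/weekly) keeping `rotate` old files.

    Returns (days of rotated history, compressed MB on disk)."""
    history_days = period_days * rotate
    return history_days, history_days * daily_mb / ratio


def size_policy(daily_mb, size_mb=100, rotate=15, ratio=10.0):
    """Size-based rotation: the live log is rotated at the first daily run
    where it has grown bigger than `size_mb`."""
    if daily_mb <= 0:
        raise ValueError("daily_mb must be positive")
    days, live_mb = 0, 0.0
    while live_mb <= size_mb:
        live_mb += daily_mb
        days += 1
    return days * rotate, live_mb * rotate / ratio


def report(daily_mb):
    """Return one (policy, history_days, disk_mb) row per policy."""
    return [
        ("weekly, rotate 52", *time_policy(daily_mb, 7, 52)),
        ("daily, rotate 7", *time_policy(daily_mb, 1, 7)),
        ("size 100M, rotate 15", *size_policy(daily_mb)),
    ]


if __name__ == "__main__":
    for daily_mb in (30, 1):  # busy server from the thread, and a quiet one
        print(f"--- {daily_mb} MB of access log per day ---")
        for name, days, disk in report(daily_mb):
            print(f"{name:22} {days:5d} days kept  ~{disk:7.1f} MB compressed")
```

Under these assumptions the size-based policy bounds disk use but not retention time: the same settings keep about two months of history at 30 MB per day and more than four years at 1 MB per day.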

