[BlueOnyx:22005] Re: 5207R, 5208R and 5209R: EU-GDPR & EU-DSGVO compliance updates released

[Michael Stauber]

Hi Dirk,

> thank you for the fix. Seems to work now.

Very well.

> One question. Is "Anonymize data " only for sendmail analyser?
> Is there also a possibility to enable "Anonymize data" 
> for /var/log/httpd/access_log / /var/log/httpd/error_log?

Please recall that we don't have to anonymize everything. Under the GDPR
regulation and the EU-DSGVO 14 days of logfiles is fine. Which is what
we now have by default.

The daily cronjobs that take log snippets from /var/log/httpd/access_log
and /var/log/maillog and copy them to the Vsites logs directories for
longer archiving directly anonymize the last octet of IPv4 addresses and
the least significant quadruplet of IPv6 IPs during that archival
transaction. Likewise: SendmailAnalyzer can anonymize personal
information. So everything that goes into longer storage will be
anonymized. Webalizer and the optional AWStats from the shop run off
these (then) already anonymized logs, so their data should also be fine.
Except for anything statistics that were generated before we started to
anonymize the Vsite logfiles.

Now if someone wanted to, it would also be possible to anonymize every
other logfile. Either by modifying the logging lines in the daemons or
via cronjobs by piping the logs through the new /usr/local/sbin/anonip.py

However: If you run anything that automatically parses logs for bad
behavior (Dfix2, Fail2ban, Haxxor or something else), then this would be
a bad idea, as you want to block the real and not the anonymized IP.

-- 
With best regards

Michael Stauber