Bug#759382: do not keep so much logs
On 2014-08-26 14:28:48 -0700, Antoine Beaupré wrote:
> Apache, at least in Wheezy, seems to be configured by default to keep 52
> log files, rotated on a weekly basis, meaning that logs are kept for a
> year.
>
> This is a long time to keep logs. It exposes our users unduly to
> surveillance and privacy breaches.
Not your users, but people who connect to the web server. But the
French law requires (required?) / advises to keep the logs for one
year. There's a discussion in French here:
http://forum.ovh.com/archive/index.php/t-47594.html
Basically this is needed when:
* Users can create contents.
* In case of security breach, when someone can do bad things
via Apache only.
> It also means a lot of data to keep on disk for busy webservers. For any
> moderately to high traffic webserver, this can actually fill up /var
> pretty fast. For example, a server with an average of 12 hits per
> second:
>
> http://stats.koumbit.net/koumbit.net/ceres.koumbit.net/apache_accesses.html
>
> ... accumulates around 30MB *per day*. That means 11GB per year.
Everyone says that disk space is cheap. So, this is a very poor
argument. Moreover old logs are compressed, so that it isn't 11GB
per year, but much smaller. With gzip compression (which is not
very good), I get more than a 10x compression. So, in practice,
30 MB per day would mean around 1 GB of disk space on the previous
default of one year, possibly less.
> I suspect the default partitioning would not allocate enough space
> for /var at all on most systems to cover for that.
By default, the Debian installer creates a single partition (unless
this has changed recently).
> I would suggest following the policies set for /var/log/syslog, which
> are rotate daily and keep 7 days.
Not everyone has such a busy webserver.
IMHO, the default log rotation should be changed back to 1 year,
at least to protect users in case of legal matters. Alternatively,
size-based log rotation could be used, e.g. with:
    rotate 15
    size 100M
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
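
An added example, not part of the message above or of the Debian package: a small simulation of how many days of history the proposed `rotate 15` / `size 100M` policy keeps at different traffic levels, which matters for both the privacy and the incident-investigation arguments in this thread. It assumes logrotate runs once a day, constant daily log growth, and rotation when the live file is larger than the threshold at run time; the function names and sample rates are constructed for illustration.

```python
"""Retention window of size-based rotation (added example, constructed inputs)."""


def simulate_size_rotation(daily_mb, size_mb=100, rotate=15, days=3650):
    """Return (history_days, disk_mb) after `days` daily logrotate runs.

    Assumptions: one logrotate run per day, the log grows by a constant
    daily_mb, the live file is rotated when it is larger than size_mb at
    run time, and at most `rotate` old files are kept. Sizes are
    uncompressed, so real disk usage with compression is lower.
    """
    live_mb, live_days = 0.0, 0
    old = []  # rotated files, newest first: (days_covered, size_mb)
    for _ in range(days):
        live_mb += daily_mb
        live_days += 1
        if live_mb > size_mb:
            old.insert(0, (live_days, live_mb))
            del old[rotate:]  # files beyond the rotate count are deleted
            live_mb, live_days = 0.0, 0
    history_days = live_days + sum(d for d, _ in old)
    disk_mb = live_mb + sum(mb for _, mb in old)
    return history_days, disk_mb


def report(rates_mb_per_day=(1, 5, 30, 200)):
    """Rows of (rate, history_days, disk_mb, covers_one_year) per sample rate."""
    rows = []
    for rate in rates_mb_per_day:
        history_days, disk_mb = simulate_size_rotation(rate)
        rows.append((rate, history_days, round(disk_mb), history_days >= 365))
    return rows


if __name__ == "__main__":
    print("MB/day  days kept  disk MB  >= 1 year")
    for rate, history_days, disk_mb, year in report():
        print(f"{rate:6}  {history_days:9}  {disk_mb:7}  {year}")
```

With size-based rotation the disk footprint is bounded, but the retention period is not fixed: it shrinks as traffic grows and stretches to years on a quiet server. logrotate's `maxage` directive can be added when an upper bound in days is also required.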