Contrib.social

Syslog should not log IP addresses by default

Open on Drupal.org β†’
Created on 19 July 2024, about 2 months ago
Updated 1 August 2024, about 1 month ago

Problem/Motivation

The default configuration for the syslog module includes the !ip token, which is replaced by the user's IP address.

Given modern privacy standards and regulations, the default should be not to log the IP address.

Steps to reproduce

  1. Install Drupal with the standard profile.
  2. Enable the syslog module.
  3. Generate a loggable event (such as Page not Found or a user login).
  4. Inspect the logs and confirm that the user IP address is saved.

Proposed resolution

Remove the !ip token from the default format in core/modules/syslog/config/install/syslog.settings.yml.

Remaining tasks

User interface changes

None, unless the system log is considered part of the user interface.

API changes

None

Data model changes

None

Release notes snippet

N/A

πŸ“Œ Task
Status

Needs work

Version

11.0 πŸ”₯

Component
SyslogΒ  β†’

Last updated about 1 month ago

  • Maintained by
  • πŸ‡¦πŸ‡·Argentina @dagmar
Created by

πŸ‡ΊπŸ‡ΈUnited States benjifisher Boston area

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @benjifisher
  • Merge request !8849Remove token for IP address β†’ (Open) created by benjifisher
  • Status changed to Needs review about 2 months ago
  • Comment about 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States benjifisher Boston area
  • Pipeline finished with Failed
    about 2 months ago
    Total: 483s
    #229265
  • Comment about 2 months ago β†’
    πŸ‡¬πŸ‡§United Kingdom catch

    Is the idea to only do this in syslog because dblog is ephemeral?

  • Comment about 2 months ago β†’
    πŸ‡¬πŸ‡§United Kingdom longwave UK

    Apache and nginx still also log IP addresses by default. This data is often useful, accessible only by administrators (and in the syslog case is inaccessible from Drupal itself) and can't be recreated after the fact in the case of an incident, to me this is won't fix.

  • Comment about 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States benjifisher Boston area

    Thanks for linking to the related issues.

    Is the idea to only do this in syslog because dblog is ephemeral?

    I admit I did not give it a lot of thought. I am setting up syslog for my current project, and I asked whether we should be logging IP addresses. I was told not to. If that is common advice, then we should change the default.

    Also, changing the default for syslog is easy. Adding an option to the dblog module would be more work.

    I am not opposed to expanding the scope of this issue to include dblog.

    This data is often useful, ..., to me this is won't fix.

    You may be right. Either way, it is easy to change the default. We just have to decide which use case is more common, and I think it makes sense to err on the side of less sophisticated site owners.

  • Pipeline finished with Success
    about 2 months ago
    Total: 507s
    #231697
  • Status changed to Needs work about 1 month ago
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    So the open questions are

    1. Should we not log the IP
    2. Expand scope to dblog

    Can say personally on our projects logging IP has never been an issue but that might not be the standard.

    Not sure if this needs architecture review?

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024