Tim May wrote:

> The asymmetry arises this way: almost _never_ does an ISP/operator
> benefit from having logs, but prosecutors can use logs to prove various
> crimes and thoughtcrimes.

      Well, that's not quite true -- logs are pretty useful, in fact even
necessary, for a number of things. Troubleshooting system problems, for
instance. Every time you make a change to the named config on a DNS server,
then restart named, you then immediately look in the log to see if everything
worked okay. Or say someone is having problems getting to a website, and
blaming your firewall or proxy server, you can perhaps find in the DNS server
log that the real problem is at the ISP for the webserver they are trying to
hit. Mail is the same way. And some customers want the statistics from a
webserver's logs -- for a whole year or more, same with the proxy server.
      Another thing logs are useful for is if someone is trying to hack you,
and his IP# is showing up in your logs, so you can cut and paste that portion
of the log into email to the hacker's ISP and ask them to do something about
the guy -- although with my latest firewall and packet filtering that might
be a thing of the past.
      Other than the aforementioned web and/or proxy logs for statistical
purposes, however, I can't see any rationale for keeping logs very long,
certainly not over 30 days, maybe not over a week, possibly just one day.  I
was at a meeting once with people from the state IT group (who were the ISP
for all the higher eds) who were insisting to us that everybody had to log
*everything*, including router traffic, and keep it for years. When I asked
what law required that, they said there wasn't any, but "you'd be in trouble
with the FBI or Secret Service if you didn't and they needed those logs".


--
Harmon Seaver, MLIS
CyberShamanix
Work 920-203-9633   [EMAIL PROTECTED]
Home 920-233-5820 [EMAIL PROTECTED]
