2012-09-06 - Re: [GRASE-Hotspot] Use case

Header Data

From: Tim White <ti***8@gmail.com>
Message Hash: 423c48e2864808afb8019a0aab63ee5d6f3a412d700adc382150392da2cb641b
Message ID: <50491B78.1080609@gmail.com>
Reply To: <CAOvShqrQxrTQrG1NhceCrj_ZSgmNT7sDeBRmRd-CRNt2sCiqiA@mail.gmail.com>
UTC Datetime: 2012-09-06 14:54:00 UTC
Raw Date: Fri, 07 Sep 2012 07:54:00 +1000

Raw message

2012/8/29 Julien Cornuwel <co***l@gmail.com>:
>> Thanks. I did that and it works. We'll have to generate accounts
>> on-demand for the time being but that's OK.
>>
>> However, I still have problems on the 'legal' side (1 year monitoring) :
>> - Expired user accounts are deleted automatically.
>> - Squid's log contains IP address, which can be correlated to a user
>> account thanks to Grase's apache log.
>> - Non-HTTP connections don't seem to be logged anywhere.
It's very hard for people in other countries to understand what is 
needed but some of the odd legal systems around.

What we need is a very clear list of what is needed (and please don't 
just point us to the legal docs).
For example, some countries need all the logs, which CAN be linked to a 
user. While other countries need all the logs, but that can't be linked 
to the users?
I've so far tended on the side of things, that (other than squid logs, 
which you can adjust the logrotates for yourself), all other logs that 
Grase has are in the database, which is backed up nightly. So if you 
keep 1 year of nightly backups, you can find what ever information you need.

Also, Non-HTTP connections aren't often logged by any software, as it's 
very CPU intensive to keep track of all the connections going through, 
and really really CPU intensive if you need to keep track of every 
aspect of the connection (i.e. not just amount used). Once you start 
resolving desination IP's to DNS, and logging every connection, you 
might as well do a tcpdump the whole time as it'll probably use less CPU 
as you aren't doing any processing on it.

Tim




Thread