BlueOnyx Data Retention - GDPR/DSGVO
Like any other Linux server, BlueOnyx gathers logfiles that contain information about system and network related events, such as which IP addresses tried to connect to which services and what transactions they performed while doing so.
Web server logs contain information classified as personal data by default under the European Union’s General Data Protection Regulation ('GDPR' in English or 'Datenschutz-Grundverordnung' 'DSGVO' in German). The new privacy regulation comes into effect in May 2018, and just about everyone who does any business with the EU or EU clients needs to take action now to either become compliant or to provide means to their clients so that they can become compliant. Even if these laws or regulations are stupid to begin with.
That is why BlueOnyx released an update for BlueOnyx 5207R, 5208R and 5209R on 30th of April 2018 to allow BlueOnyx users to adjust their servers to comply better with the 'GDPR' / 'DSGVO'.
More information on the new regulation:
We at BlueOnyx are no lawyers. We provide software. Hence we cannot and will not guarantee that any BlueOnyx in any shape or form is compliant with the 'GDPR'. Just setting a few checkboxes in the BlueOnyx GUI interface alone will not guarantee that your server complies with the GDPR.
However: The tools we provide are a stepping stone that helps you cross one or two items off the list on the way to compliance.
(All information hereafter assumes you DO have the updates from 30th April 2018 (and later) installed).
By default BlueOnyx 5207R/5208R/5209R keep 14 days of logfiles in /var/log/. After 14 days these logfiles are deleted from /var/log/.
You can choose a shorter or longer logfile retention period on this GUI page via "Server Logfile Retention", though. German BlueOnyx-operators are advised to set it to 7 days. The reason for that can be found here.
However: Some usage information from these logs (pertaining to HTTP, HTTPS, FTP and Email) is extracted daily from the combined logs and is moved over to the /logs/ directories of the individual Virtual Sites that were the end-point for that traffic. The information gathered this way is made available to the Server Admin as well as the respective siteAdmins via the BlueOnyx GUI interface in various places, such as:
Further processing of such aggregated logfile data is also handled by 'Webalizer', 'SendmailAnalyzer' (both are included in BlueOnyx by default) and optional PKGs such as 'AWStats'.
As the logfile data (and the generated statistics) contain personal information such as IP addresses this data falls squarely within the scope of the 'GDPR' and must be handled with care.
The BlueOnyx GUI by default keeps the Virtual Site logfile snippets for 5 years. Individual (shorter) retention periods can be configured on a per Virtual Site level.
The updates from 30th April 2018 introduce the following changes in that regard:
- Possibility to set a “Server Logfile Retention” period. This defines how long server logfiles in /var/log/* will be retained. Default is 14 days, but you *have* to check which retention period for logfiles is legally acceptable in your own jurisdiction. For example: German BlueOnyx operators are advised to store logfiles for no longer than 7 days.
- Possibility to set a maximum “Vsite Usage Information” retention period. This is still set to 5 years by default. But if you set it to a shorter period (example: 1 year), then no Virtual Site may keep their logfiles for longer than that. They can choose a shorter retention period, but not one that exceeds the value defined under “Vsite Usage Information”.
- Automatic anonymization of IP addresses stored within Virtual Site logfiles aggregated after the updates from 30th April 2018 have been installed. IPv4 IP addresses in these logs will have their 4th octet set to '0' and IPv6 IP addresses will have their last byte stripped off. This provides sufficient anonymization so that an IP address anonymized in this fashion cannot be attributed to a single end-user.
- Usage information gathered by 'SendmailAnalyzer' is now also directly anonymized.
- Ability to purge existing (unanonymized) Virtual Site logfiles, 'Webalizer', 'AWStats' and 'SendmailAnalyzer' statistics by setting individual checkboxes and saving this page.
  Doing so will remove historical logfiles and statistics, so that from then on only properly anonymized historical usage information is stored for a configurable amount of time.
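The masking rule described in the list above, as an added Python example (not BlueOnyx's own code): it zeroes the 4th octet of IPv4 addresses, zeroes the final byte of IPv6 addresses, and reports access-log lines that still carry an exact client address, which helps decide whether older Virtual Site logs need the purge. Assumptions: "last byte stripped off" is read as clearing the last 8 bits, the client address is the first field of each line (Apache-style access log), and the sample lines are constructed.

```python
import ipaddress

# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE = [
    '203.0.113.57 - - [30/Apr/2018:10:15:32 +0200] "GET / HTTP/1.1" 200 512 "-" "curl/7.29.0"',
    '2001:db8::abcd:12ff - - [30/Apr/2018:10:16:01 +0200] "GET /a HTTP/1.1" 200 90 "-" "-"',
    '198.51.100.0 - - [30/Apr/2018:10:17:44 +0200] "GET /b HTTP/1.1" 404 0 "-" "-"',
    'www.example.com - - [30/Apr/2018:10:18:02 +0200] "GET /c HTTP/1.1" 200 7 "-" "-"',
]


def anonymize_ip(text):
    """Return the masked form of an IP address, or None if text is not an IP."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None  # hostname or other non-address token: leave it alone
    # IPv4: 4th octet -> 0. IPv6: final byte -> 0 (assumed reading of the rule).
    return str(type(ip)(int(ip) & ~0xFF))


def anonymize_line(line):
    """Mask the client address in the first field of one access-log line."""
    host, sep, rest = line.partition(" ")
    masked = anonymize_ip(host)
    return line if masked is None else masked + sep + rest


def unanonymized_lines(lines):
    """Return (line_number, host) for lines whose client address is still exact."""
    findings = []
    for number, line in enumerate(lines, start=1):
        host = line.split(" ", 1)[0]
        masked = anonymize_ip(host)
        # Compare canonical forms so IPv6 spelling differences do not matter.
        if masked is not None and masked != str(ipaddress.ip_address(host)):
            findings.append((number, host))
    return findings


if __name__ == "__main__":
    for number, host in unanonymized_lines(SAMPLE):
        print(f"line {number}: exact client address {host}")
    for line in SAMPLE:
        print(anonymize_line(line))
```

An address whose last octet or byte is genuinely 0 cannot be told apart from a masked one, so the audit can miss such lines but never flags an anonymized one.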
A BlueOnyx server may also contain other third party additions or modifications which fall under the scope of the 'GDPR'. Compliance of these additional components is outside of the scope of what BlueOnyx provides or stands for.
The optional 'AV-SPAM' Package for BlueOnyx also performs some forms of data retention, depending on how it is configured. Some of that also falls under the scope of the GDPR. For example, the feature 'Milter-GeoIP' (if enabled) tracks IP addresses of SMTP and SMTP-Auth connections and stores them in a MySQL/MariaDB database to aggregate a history of email volume and sender behavior (to track illegal sending attempts). Naturally this information is not anonymized, as that would defeat the purpose. Under the GDPR it may be necessary for you to obtain and preserve documentation of the consent of your email users to this kind of data aggregation.
However: There is a checkbox named 'AV-SPAM data expiry' which can be set. If set, all MySQL/MariaDB data pertaining to 'Milter-GeoIP' will be expired at the end of the retention period specified under 'Vsite Usage Information'.