Information itself is a liability. Best to have a policy of ‘we keep no IPs in logs, so are happy to hand over whatever’… dump data the moment you don't require it.
Yeah, this sounds like a much more sustainable solution. Do it the way Signal does it. Collect as little as necessary, and delete it as soon as you don't need it.
A court might be able to compel you to turn on logging. I feel like that has happened before, and they decided to shut down instead of complying.
Just store what logs you need on a RAM drive. The logs will be gone the instant the server shuts down and there is no way to recover them.
Downsides include: if any intrusion happens on the server, red team just needs to reboot it to wipe evidence.
If they have the root access typically needed to reboot a server[1], they could also just wipe the logs without rebooting.
[1]: GUIs typically have a way to reboot without such privileges, but those are typically not installed on machines just used as servers.