How to make Admin audit log (audit.log) compliant with GDPR

Nextcloud version (eg, 20.0.5): 27.1.5
Operating system and version (eg, Ubuntu 20.04): Debian GNU/Linux 12
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.57 (Debian)
PHP version (eg, 7.4): PHP 8.2.7

The issue you are facing:

The admin audit log records connections to NextCloud (login = personal data).
The GDPR requires personal data to have a limited lifespan by default (generally between 6 months and 1 year for this type of data). Art. 5 GDPR, (e): “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed”.
Insofar as NextCloud does not allow any control over how long Admin audit logs are kept and only allows rotation on file size, I’m afraid that no NextCloud user can claim to be GDPR compliant.
Am I wrong? Is there a way to control the length of time connection logs are kept with NextCloud?

Thanks for your answer

Can you post a line of the log and mark the GDPR data?

here no deal with GDPR and log files only some more documentation

br NP

You should do logrotation by the logrotate daemon instead of the nextcloud server itself.

First of all, move your logfiles out of the nextcloud data directory to /var/log/nextcloud/*

```
sudo mkdir -p /var/log/nextcloud
sudo chown www-data:www-data /var/log/nextcloud
```

Create this file:
/etc/logrotate.d/nextcloud

```
/var/log/nextcloud/*.log {
    su www-data www-data
    size 10M
    missingok
    daily
    # keep at most 7 rotated files
    rotate 7
    # remove rotated files older than 30 days
    maxage 30
    dateext
    dateformat -%Y%m%d
    create 640 www-data www-data
    compress
    delaycompress
}
```

Here are the main lines used for deleting log files based on age:

rotate 7: Keeps up to 7 older log files.
maxage 30: Deletes log files older than 30 days.
You can adjust these values according to your requirements. Note that daily ensures that log rotation occurs daily. The dateext parameter adds the current date to the rotated log file name, and dateformat -%Y%m%d specifies the date in year-month-day format.


You have to change the log settings from your config.php (example):

config/config.php

```php
  'logtimezone' => 'Europe/Berlin',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'logfile_audit' => '/var/log/nextcloud/audit.log',
  'log.condition' => 
  array (
    'apps' => 
    array (
      0 => 'admin_audit',
    ),
  ),
  'log_query' => false,
  'loglevel' => 2,
  'log_rotate_size' => 0,
```

With 'log_rotate_size' => 0, Nextcloud does not logrotate at all and so it can be carried out by the operating system’s logrotate service, which guarantees GDPR compliance.

Hope this helps!

Much luck,
ernolf


I forgot to mention that you need to activate the Admin audit log to reproduce (otherwise no admin log :wink:)

Here are the lines:

```json
{
  "reqId": "3ZN6x3JD8oWVZpYsRFoe",
  "level": 1,
  "time": "2024-01-08T15:44:37+00:00",
  "remoteAddr": "10.0.2.2",
  "user": "--",
  "app": "admin_audit",
  "method": "POST",
  "url": "/index.php/login",
  "message": "Login attempt: \"GDPR_DATA\"",
  "userAgent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0",
  "version": "27.1.5.1",
  "data": {
    "app": "admin_audit"
  }
}
{
  "reqId": "3ZN6x3JD8oWVZpYsRFoe",
  "level": 1,
  "time": "2024-01-08T15:44:37+00:00",
  "remoteAddr": "10.0.2.2",
  "user": "GDPR_DATA",
  "app": "admin_audit",
  "method": "POST",
  "url": "/index.php/login",
  "message": "Login successful: \"GDPR_DATA\"",
  "userAgent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0",
  "version": "27.1.5.1",
  "data": {
    "app": "admin_audit"
  }
}
```

I’ve replaced logins by GDPR_DATA

Thanks Ernolf,
It’s exactly what I need.
My mistake was to persist in looking for a solution specific to NextCloud.
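
A way to verify that the logrotate setup discussed in this thread really holds the retention window, as an added example that is not part of the original posts or of Nextcloud's code. It assumes each audit entry is one JSON object per line with the `time` field shown in the sample above; the function names, the 30-day window and the sample lines are constructed for illustration.

```python
import gzip
import json
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

def open_log(path):
    """Open a plain or gzip-compressed (logrotate 'compress') log as text."""
    path = Path(path)
    if path.suffix == ".gz":
        return gzip.open(path, "rt", encoding="utf-8")
    return path.open(encoding="utf-8")

def check_retention(paths, retention_days, now=None):
    """Count audit entries older than the retention window across all files."""
    cutoff = (now or datetime.now(timezone.utc)) - timedelta(days=retention_days)
    result = {"overdue": 0, "unparsable": 0, "oldest": None}
    for path in paths:
        with open_log(path) as fh:
            for line in filter(str.strip, fh):  # skip blank lines
                try:
                    ts = datetime.fromisoformat(json.loads(line)["time"])
                    if ts.tzinfo is None:
                        raise ValueError("timestamp has no UTC offset")
                except (ValueError, KeyError, TypeError):
                    result["unparsable"] += 1  # report, never skip silently
                    continue
                if result["oldest"] is None or ts < result["oldest"]:
                    result["oldest"] = ts
                if ts < cutoff:
                    result["overdue"] += 1
    return result

def demo():
    """Run the check on constructed sample lines (not real log data)."""
    def entry(time):
        return json.dumps({"time": time, "app": "admin_audit",
                           "message": 'Login successful: "GDPR_DATA"'}) + "\n"
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "audit.log").write_text(
            entry("2024-01-08T15:44:37+00:00") + "truncated {\n")
        # Rotated file named as 'dateext' + 'dateformat -%Y%m%d' + 'compress' would name it
        with gzip.open(Path(tmp, "audit.log-20231201.gz"), "wt", encoding="utf-8") as fh:
            fh.write(entry("2023-11-30T09:00:00+01:00"))
        now = datetime(2024, 1, 9, tzinfo=timezone.utc)
        return check_retention(sorted(Path(tmp).glob("audit.log*")), 30, now)

if __name__ == "__main__":
    print(demo())
```

Pointed at `/var/log/nextcloud/audit.log*` from a scheduled job, a non-zero `overdue` count means rotated files are outliving the intended window and the logrotate settings need another look.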
