Score:0

Encrypt nginx log files

Is it possible to encrypt nginx log files? If so, would the logrotate saving time be the best time to do so?

The background for this is that the client is concerned about security issues that can happen from having some user (login id) saved on access logs when a third-party service sends something through webhook APIs.

I was not able to find this specific answer, and I'm wondering if it is not a popular (or correct) measure to prevent user info leaks. Am I missing something?

Score:4

You can send access_log through syslog or a named pipe (man mkfifo) and then encrypt the logs, but normally you just don't log anything sensitive and you don't send anything sensitive in such a way that it can be logged.

If you feel that "login id" is sensitive information then don't send it as a part of a URL as the URL can be logged anywhere - the sender system, an intermediate proxy or firewall, load balancers etc.

Score:4
Bob

I would re-think your risk and threat scenarios before you decide on "encryption is the solution".

Because in general access to system logs requires administrator level access and privileges and those that already have such level of privilege can usually also already directly access the user/application data regardless of what info about them ends up in the logs.

But if certain information is indeed too sensitive to keep in clear text log files, IMHO you should sanitise what you log, rather than continue logging it. Consider creating a custom log_format (where you for instance log the $uri rather than the $request) and use that for your webhook APIs to prevent logging of GET parameters.
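
The custom log_format suggested in the answer above, written out as an added example that is not part of the original answers. The format name webhook_noargs, the /webhooks/ location, the backend address, the listen port and the log file paths are all assumptions.

```nginx
# Added example (not from the original thread). Names, paths and the
# backend address are assumptions; adapt them to the real deployment.
http {
    # Before: the predefined "combined" format writes "$request", the full
    # request line, so /webhooks/x?login_id=alice lands in the log as-is.
    access_log /var/log/nginx/access.log combined;

    # After: rebuild the request line from $request_method, $uri and
    # $server_protocol. $uri is the normalized path without arguments.
    # $remote_user and $http_referer are left out because both can carry
    # a user identifier or a query string.
    log_format webhook_noargs '$remote_addr - - [$time_local] '
                              '"$request_method $uri $server_protocol" '
                              '$status $body_bytes_sent '
                              '"$http_user_agent"';

    server {
        listen 8080;
        server_name example.com;

        # Everything else keeps the inherited "combined" access log.
        location / {
            root /usr/share/nginx/html;
        }

        # Webhook endpoints: an access_log set at this level replaces the
        # inherited one, so these requests are only written in the
        # argument-free format.
        location /webhooks/ {
            access_log /var/log/nginx/webhooks.log webhook_noargs;
            proxy_pass http://127.0.0.1:9000;
        }
    }
}
```

This only covers the access log: nginx error_log entries include the full request line, query string included, so an identifier in the URL can still appear there when a webhook request fails. $uri also reflects internal rewrites, so the logged path can differ from what the client sent.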
