Release of Log Data

From Security Wiki
Jump to navigationJump to search



SDSC periodically receives requests for information from log files. Log records which identify user activities may be protected and require authorization for release. This document provides some general rules under which authorization can be granted without making an individual request. Any release requested outside the scope of these rules requires the consent of the SDSC Security Manager and possibly SDSC executive management.


Transactional log records are protected under the UCOP Electronic Communications Policy (ECP). Further interpretation of that policy is provided by UCSD in (ref policy doc here).

The ECP declares transactional records (e.g. sendmail logs showing who sent and received a message) to be private, and requires authorization by the record owner.

The UCSD policy identifies the owners of the record to be the user(s) identified by the record, and the system administrator of the system which generated (recorded?) the record. Only one owner is required to give authorization for release.

NOTE: mail logs which identify sender and recipient may be further restricted to authorization by one of those two parties. This requires further review at this writing.

SDSC Authorization

The system administrator or his/her supevisor can authorized release to transaction records without any additional authoriation. The information release should be limited to the scope of the request and the request should be reviewed for appropriate scope. (e.g. the requestor may ask for everything but really only needs a small subset -- the requestor should be told to be more specific about what he/she wants).

Anonymization of usernames and hostnames is recommended where possible, but not required as long as the appropriate authorization is porivded.

Log records which do not identify users are not protected and can be released at the discretion of the system owner. The exception to this rule is log data which might contain information about the system which can directly be used to compromise the system, such as passwords. (While passwords normally are not contained in log messages, they sometimes are inadvertently recorded, such as when a user accidentally types their password when prompted for their username).

The system owner has the discretion to refuse a request. The authorizations granted under this policy do not specify a requirement to disclose, only the conditions under which disclosure can be done.

Mail logs may require stricter authorization. At this writing, consult with the security manager before releasing mail logs.