Anonymize client IP addresses in Joomla log files - how?

[gba]

Hello!

How can I make Joomla replace the last 2 digits of the IP addresses logged in the Joomla log files with *?
i. e. error.php, joomla_update.php

Kind regards,
Gerald

[gba]

Hi again!

@Development team:
As this is a serious matter concerning GDPR I'd be grateful for your feedback to my inquiry.
Thank you very much in advance!

Kind regards,
Gerald

[pe7er]

As this is a serious matter concerning GDPR I'd be grateful for your feedback to my inquiry.

Thank you for your concern! Privacy is IMHO a very important subject and complying with the GDPR too.

However I don't think that this is a GDPR or privacy issue.
IMHO you don't need a technical solution. Just document it in your Processing Index and in your website's privacy statement.

The Processing Index is documentation for the Privacy Authorities about your processing activities: details of the controller ( = responsible person), data categories, the purpose of the data processing, legal justification, categories of recipients (with who do you share the data), deleting deadline, security measures to safeguard that data).

Legitimate interest of the controller

• To me collecting IP addresses that cause errors (by default logged in administrator/logs/error.php) on your website seems like a legitimate interest of the controller: As website owner you need to be able to find the cause of errors and solve them.
• The update logs (by default logged in administrator/logs/joomla_update.php) don't record visitor's IP addresses but only the name + IP address of the super administrator who did the update.

When you add this info to your Processing Index and privacy statement, you should also add that your web server (Apache, Nginx, etc) also keeps visitors IP addresses in its server logs by default. But maybe you've chosen to disable that. Those server access- and error log files are temporary kept on the server for solving errors or safety (register hack attacks and blocking those IPs your server's firewall automatically using fail2ban)

If you don't agree with me, no worries :-)
You can always create an issue about it at: https://github.com/joomla/joomla-cms/issues
If other people agree with you, then maybe we can make the collection of IP address with errors / updates optional.

[gba]

Hi!

Thank you very much for taking time for my question!

I do understand your explanation and your point of view.
Actually I indeed have to enable IP address masking in the access_log / error_log on the web servers of some customers.

Due to different requirements by customers, in my opinion Joomla should leave it up to the website admin to choose whether the IP addresses in Joomla's log files are masked or not - ideally for each log file separately.

Who does agree with me in that issue?

Kind regards,
Gerald

BTW: I created an issue on Github https://github.com/joomla/joomla-cms/issues/34735.

[pe7er]

BTW: I created an issue on Github https://github.com/joomla/joomla-cms/issues/34735.

Great!

If someone creates some code to make it configurable, and it will be added to the Joomla core, then it will only be for Joomla 4.x. There won't be new features added to Joomla 3.

Another option to change Joomla's behavior is with plugins.
I guess that it's possible to write a plugin that removes that information before it is stored.
Or removes it afterwards from the database table.

[gba]

Here is my code:

Code: Select all

JLog::addLogger(
	array(
		'text_file' => 'my.php',
		'text_entry_format' => '{DATE}|{TIME}|{CLIENTIP}|{PRIORITY}|{MESSAGE}'
	),
	JLog::ALL,
	array('myarray')
);

$entry = new Joomla\CMS\Log\LogEntry('mytext', JLog::ERROR, 'myarray');
$entry->clientIP = substr(Joomla\Utilities\IpHelper::getIp(),0,-2).'**';
JLog::add($entry);

[gba]

Here is my code:

Code: Select all

JLog::addLogger(
	array(
		'text_file' => 'my.php',
		'text_entry_format' => '{DATE}|{TIME}|{CLIENTIP}|{PRIORITY}|{MESSAGE}'
	),
	JLog::ALL,
	array('myarray')
);

$entry = new Joomla\CMS\Log\LogEntry('mytext', JLog::ERROR, 'myarray');
$entry->clientIP = substr(Joomla\Utilities\IpHelper::getIp(),0,-2).'**';
JLog::add($entry);

Is that of help for you?