IIS Log Files – GDPR

Solved1.63K viewsDataMiner GDPR IIS
2
0 Comments

With regards to GDPR, we received the following questions regarding the use of IIS with DataMiner:

Does this web server log incoming requests and errors in a regular log file or similar?

How long are these records kept, and can this be configured?

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 10th July 2023

2 Answers

4
6.50K 0 Comments

By default, IIS on Windows Server versions log site activity into log files. This can be configured in IIS Manager, by clicking on "Logging":

These log files are by default kept forever, but it's possible to set-up a scheduled task to delete older files.

It's a common practice that web servers log activity, Apache on Linux systems will do just the same. If there would be any abusive use, which could lead to the server to go down, at least you'll still have some logging that will give some ideas of what has happened.

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 10th July 2023
0
8.64K 1 Comment

To my knowledge, DataMiner doesn't do any supplementary logging in terms of user activity on the Microsoft IIS level as compared to the standard logging that Microsoft does with this product.  So, that means that this question then boils down to standard logging done by Microsoft in IIS, and whether that is GDPR compliant (it would be surprising if it were not, I would say), how long those records are kept and whether this can be configured.  This help file seems to elaborate on the standard logging features available for Microsoft IIS, and what kind of information it can store.

The first logging that starts by DataMiner is once the user is authenticated.  From that point onwards, information is stored about who logged in to DataMiner, from which machine, and a broad range of activities in DataMiner (for example: which elements were accessed in DataMiner, what kind of settings were performed, what kind of changes were made to the configuration of DataMiner such as assigning an alarm template, adding elements, views, etc.).   Most of this is logged as so-called information messages, although there will be traces of user activity maybe also in log files in DataMiner.  The life span of all of these, both information messages and log files, are entirely user-definable.

Sammy Dewilde [SLC] [DevOps Advocate] Posted new comment 27th August 2020
Sammy Dewilde [SLC] [DevOps Advocate] commented

To complement the above, and FYI, a general explanation about how DataMiner ensures GDPR-compliant processing of data can be found in the FAQ: https://community.dataminer.services/documentation/faq-general/#GDPR_compliant