wiki:web_server_logs

How does web site logging work at May First/People Link?

Overview

Web servers have the ability to keep track of your computer's IP address, the particular web page you are visiting, the date and time you visisted, and other pieces of information about you, like what kind of computer and what kind of web browser you are using.

For many of us, this information is critically useful. We use it to find out what is the most popular page on our web site, how many people are visiting our site and how long are they staying. We can keep track of whether our audience is increasing or decreasing. This information helps us make better web sites and has a minimal impact on the privacy of the people viewing our web sites.

However, during government investigations (such as the Trump administration's investigation into the counter-inaugural protests), this information can be subpoenaed and used against us. While most of us have a hard time converting an IP address to a particular individual, the government can use their legal powers to do exactly that by forcing our Internet Service Providers (e.g. Verizon and Comcast) to tell them which customer was using a given IP at a given date and time.

If your web site is being used to organize, your web logs are at risk of being subpoenaed. May First/People Link has a long history of fighting such requests, however, you may want to read on to find out how you can better protect your people.

Turn Off web logging

You can turn off web logging on your site via the Members Control panel by clicking on the Web Configuration tab of your site.

Click the "Show advanced settings" button and then find the field called " Logging". See it to: Disable Logging.

Is that all?

Turning off web logging is a good first step, but it is not all.

If you are using a service like Google analytics - then all the data is going straight to Google. There is nothing you can do about that except disable Google Analytics on your site.

Additionally, if you are using Google Fonts, incorporating Facebook or Twitter code into your site, or pulling data from other services like this - then every visitor to your site is being logged by Google, Facebook, Twitter, etc. Some steps you can take to mitigate this problem include:

  • Download all fonts to your site - so each visitor doesn't have to make a request to Google or wherever the font is stored
  • Download all social media icons to your site rather than have each visitor load them from Google, Facebook, etc. In addition, don't use javascript provided by these companies - instead, create your own links so people who choose to repost via Twitter or Facebook can click on a link that will open a new page in Twitter or Facebook - but people who choose not to click on those links do not have their privacy compromised.

Accessing your logs

If logging is enabled, you can see the logs for any web site from your organization by looking in the filesystem on your primary server. For example, if the member organization named foo has a web site named example.org, the logs for that web site can be found at:

/home/members/foo/sites/example.org/logs/

In that directory, the file named web.log is the most recent log, web.log.1 is from the previous full week, and web.log.2.gz, web.log.3.gz, etc. are compressed logs from previous weeks. (This is the Apache access log.)

In addition, you will see error.log, which has the same naming convention. The web.log files are "access" logs - meaning they have a line for every item on your web site that was requested. error.log shows errors that were encountered.

These logs, written to by the Apache web server that runs your site, and will include any PHP errors and notices caused by your site. This is useful for diagnosing errors in the functioning of your site and checking for potential problems indicated by notices. In short, read Apache logs for PHP errors.

Last modified 10 months ago Last modified on Jan 18, 2019, 12:04:03 PM