Apama 10.15.0

Protecting and erasing data from Apama log files
To protect the security of personal data in log files, it is important that operating system file permissions are set on the log files and on the directory containing them, so that only the correlator process and authorized system administrators have access to the files. On Windows, this would mean setting an inheritable Access Control List (ACL) limiting read access to the contained files. On UNIX systems, this would involve restricting read and execute permissions to only the owning user (that is, 700) and, if possible, also setting a umask of 0077 on the correlator process to ensure that files created by the correlator also have locked-down permissions.
As there are many situations in which usernames, IP addresses or events containing personal data may be logged, including by customer-provided plug-ins and third-party libraries, it is not practical to enumerate all of the log messages that may contain such data, or the set of categories they may be logged under.
Log files are by nature immutable and formatted for reading by human system administrators (not machines), so rectification of data contained within them does not make sense, and erasure of data for individual persons is not practical. The retention of complete information in log files also serves an important and legitimate purpose, in providing a security audit trail, and the ability to diagnose and fix accidental or unlawful events compromising the availability, integrity or confidentiality of the application and personal data it contains.
For these reasons, the recommended approach to protecting personal data in Apama log files is to regularly rotate the logs, and archive the old log files to a secured location protected by encryption.
Optionally, old log files may be deleted after a set time period, though this should be done only when necessary as it will destroy information that might be important for diagnosing bugs or attacks that compromise the integrity or availability of the application. Software AG may not be able to provide assistance with support requests if the relevant log files have been deleted.
Apama provides a variety of mechanisms for rotating its various log files. These can be combined with operating system features such as Linux's periodic cron jobs, Windows Scheduled Tasks, or common utilities such as logrotate and gnupg, to implement whatever log handling scheme best fits with your organization's data protection policies. For full information about how to rotate logs, see the following topics:
* Rotating correlator log files.
* IAF log file rotation.
* Rotating the log files of the data server and display server.
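The permission and archiving steps described above, as an added shell example that is not part of the Apama documentation or product: it applies owner-only modes, runs a command under a umask of 0077, and encrypts rotated logs with gnupg. The script name, the `*.log.*` rotated-file pattern, the directory arguments and the recipient key are assumptions, and the recipient's public key must already be trusted in the keyring of the user running it.

```shell
#!/bin/sh
# Added example: owner-only log permissions plus encrypted archiving.
# The "*.log.*" pattern and all arguments are assumptions, not Apama defaults.

# Set every directory to 700 and every file to 600 (owning user only).
harden_log_dir() {
    find "$1" -type d -exec chmod 700 {} + &&
    find "$1" -type f -exec chmod 600 {} +
}

# Print entries that still grant any group/other access (empty output = clean).
audit_log_dir() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Run a command (for example the correlator start line) with umask 0077 so
# files it creates are owner-only. The subshell leaves the caller's umask alone.
run_with_private_umask() {
    ( umask 0077 && exec "$@" )
}

# Encrypt each rotated log into ARCHIVE_DIR for RECIPIENT; the plaintext is
# deleted only after gpg succeeds. The active log does not match the pattern.
archive_rotated_logs() {
    log_dir=$1 archive_dir=$2 recipient=$3
    mkdir -p "$archive_dir" && chmod 700 "$archive_dir" || return 1
    for f in "$log_dir"/*.log.*; do
        [ -f "$f" ] || continue
        out="$archive_dir/$(basename "$f").gpg"
        gpg --batch --yes --encrypt --recipient "$recipient" \
            --output "$out" "$f" && rm -f -- "$f" || return 1
    done
}

# Usage (e.g. from cron): sh protect-logs.sh LOG_DIR ARCHIVE_DIR GPG_RECIPIENT
if [ "$#" -eq 3 ]; then
    harden_log_dir "$1" && archive_rotated_logs "$1" "$2" "$3"
fi
```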
You may wish to inform your employees or end-users - or in some cases request from them - regarding the fact that personal data may be stored in server log files, along with details of the steps your organization takes to protect the data they contain.