Comment by southerndrift
7 years ago
Isn't there a problem with GDPR compliance if you want to serve European pages? You are allowed to log IP addresses for security reasons. However, as far as I understand the situation, you need the agreement of the users if you use their personal data, which includes IP addresses, for anything else.
Has somebody figured out how to resolve this situation with log files?
Looks like goaccess supports --anonymize-ip=true which sets the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses to zeros.
source: https://github.com/allinurl/goaccess/blob/master/config/goac...
You can use goaccess to create a log every day to json, excluding IP while retaining stats for geolocation.
For this you can logrotate daily and run goaccess before rotation. I believe you can keep the server logs for a week for debugging while respecting GDPR.
For today's "realtime" data you can use goaccess on today's log on demand and use a cache.
You can write your custom stat viewers or use goaccess to view time range data from multiple json files.