I think these legal requirements are stupid.
But there is no way that I would regard adherence to Rob and Ari's
slapped together log format a defense against non-compliance. If you
have a legal obligation you have an obligation, end of story.
The W3C log format I designed is supported by all the Web servers I
use and allows for most data imaginable to be logged.
On Fri, Nov 13, 2009 at 4:49 AM, Arnt Gulbrandsen
<arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no> wrote:
A really big NAT serving, say, eighteen million customers, can easily be so
dense that if there's a bit of clock skew between a web server and the NAT
operator, another customer might have used the same port at the time
recorded by the web server.
Therefore, I think it's safer to say that it's the NAT operator's
responsibility to log enough. Umpteen million web sites will continue to use
apache's common log format, so the NAT operator has to log what's needed to
work with that format anyway.
Arnt
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
--
--
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf