Audit log retention and IP

Hi,

By default the audit log deletes events older than 3 months (90 days).

This value can be changed using the following define:

define(‘AIOWPSEC_PURGE_AUDIT_LOGS_AFTER_DAYS’, 90);

Change the number to how ever many days you want the log to clear old events after e.g 365 would clear events older than a year.

There is currently no way to disable recording of the IP address.

Is there a reason you would like to do that?

Best Wishes,

Ashley

Thanks for the prompt reply, much appreciated. I hadn’t spotted AIOWPSEC_PURGE_AUDIT_LOGS_AFTER_DAYS so that works nicely. Is there a list of these items & hooks (apologies if I have totally missed it). Most accept IP log and have it in their policy along with a retention schedule but a few I have known have made the request IP’s not to be kept or to be anonymised. I know it will reduce the usefulness of the log.

Hi Nick,

Sorry about the delay.

We don’t currently have all our hooks and constants documented but we are working on it.

I’ve also added a ticket to our task tracker to discuss anonymizing the IPs in the audit log, I will update you on what we decide to do.

Best Wishes,

Ashley

Hi Nick,

Version 5.2.0 has just been released and this includes a filter that will allow you to change the IP recorded in the audit log.

You can add an mu-plugin with something like this:

function aios_audit_log_event_user_ip($ip) {

return 'not recorded';

}

add_filter('aios_audit_log_event_user_ip', 'aios_audit_log_event_user_ip');

Best Wishes,

Ashley

• This reply was modified 1 year, 7 months ago by aporter.

Thanks, will give it a try.

Excellent, works perfectly. Just in case others are also looking, to anonymise the IP instead of not recording at all:

function aios_audit_log_event_user_ip($ip) {
    return wp_privacy_anonymize_ip( $ip );
}

add_filter('aios_audit_log_event_user_ip',  aios_audit_log_event_user_ip');