I like OSMC, but today it sent all my logs to the internet without asking me for that. I just wanted to upload them to a local share, what makes more sense than posting them publicly unencrypted.
But lets skip how unpro that is - how do I delete them from there?
They are purged automatically after some time. If you donāt provide the URL to anyone then itās unlikely they will ever be viewed by anyone.[quote=ā10fi, post:1, topic:13868ā]
But lets skip how unpro that is
[/quote]
Unprofessional? YOU are the one who pressed the key that initiated the creation/upload of the logs. OSMC does not just upload logs without being directed by the user to do so. You made the error to upload logs by overlooking/ignoring the setting which simply saves them to local.
" If you donāt provide the URL to anyone then itās unlikely they will ever be viewed by anyone."
Security by obscurity dude, they can viewed by bots and hackers with eg wfuzz. Or wget/curl with regular expressions.
And yeah, that is unpro, since I should be given a choice WHERE I want to upload. How am I to guess, that this will be published on the Internet, rather than being sent via ftp/smb to my NAS (what is exactly what I expected by upload).
So let me repeat the question: how do I remove the logs ?
If the option was not there to configure some local path then I donāt know where you got the expectation that they would be saved to some local location. The button you clicked says āUpload Selected Logs Nowā
You donāt. Try not to make the mistake in the future.
Logs are purged once a month, I think.
Unless all your personal info is in the logs, I wouldnāt worry about it.
Letās not turn this into a drama, regardless of former comrade toastās input and advice.
What kind of PII (personally identifiable information) are we talking about here? I just looked over my log files (and I uploaded the whole shebang), and I donāt see any personal information. I suppose the IP address is there, and maybe Iām less caring than some, but I donāt see that as very sensitive.
If there are specific bits of PII that should be removed, maybe pointing out exactly what those are could help the dev team filter those out of log files during the auto-upload process?
Over all, personal information is hardly useful in a log file so I can see the logic in not including it. But, as stated, I also donāt see any in the logs.
Unlike youā¦ and if you wish to have a history here I suggest you change your attitude.
You must understand what āupload logsā means, I doubt you Googled a definition after you clicked āsubmit/OKā
The chances of anyone getting the correct string to retrieve your logs that you knowingly uploaded are pretty darn slim, really really slim.
1/ Network shares + Files names (e.g. Snowden\NSA_boot_camp) or simply names in file names (e.g. sources.xml or failed databases lookups)
2/ All sort of info which plugins/addons will dump to logs
3/ License numbers (e.g. ādecode_MPG2=ā)
4/ IP numbers
5/ Serial numbers of hardware (maybe MACs as well)
6/ Passwords (if you place by accident the password in login prompt, what happens to me quite often, since I have autologon in SSH client)
7/ Failed log-in logins
8/ NAS Host names
9/ SSH Client hostnames (quite likely to contain name)
I didnāt look at other users logs, but I guess much more could be found.
1/ Network shares + Files names (e.g. Snowden\NSA_boot_camp) or simply names in file names (e.g. sources.xml or failed databases lookups) Oh hi. My network shares all point to my server called NobKitten. This hosts my SQL and my media and many other service. Hack me bro.
2/ All sort of info which plugins/addons will dump to logs Point being? These plugins and addons are most likely available to the public, and the code is out there for anyone to see right?
3/ License numbers (e.g. ādecode_MPG2=ā) Only valid for your device as they are linked with the serial number of the rpi and useless to anyone else
4/ IP numbers
Internal ip addressesā¦ so? Hereās mine. Go wild.
5/ Serial numbers of hardware (maybe MACs as well) See previous response.
6/ Passwords (if you place by accident the password in login prompt, what happens to me quite often, since I have autologon in SSH client) So? Unless you have enabled ssh access from external locations, which youād be an idiot to do without changing the default port, nothing is going to happen.
7/ Failed log-in logins8/ NAS Host names So? My NAS ip addy is 192.168.1.10 root/C0pp3rFly!
Really go wild with that one.
9/ SSH Client hostnames (quite likely to contain name) Please stop being a drama queen.
Who cares what your mpeg2 codec is? Itās locked to the serial number of your Pi and useless to anyone elseā¦
Guess what? Tens of thousands of ppl have a pi that has been assigned 192.168.1.69 as itās IP address within their local LANā¦ Who would care?
Who cares what your MAC or serials are? Seriously?
Sounds like a personal problem to meā¦ Seems someone so concerned with security would have developed better habits than to do something as wreckless as thisā¦
Again, who gives a hoot? And why are you failing logins so often? Again, a personal issue of someone who purports to be overly security mindedā¦
Within your LANā¦ Who caresā¦ Someone so concerned with security certainly has an appropriately configured firewallā¦
No one outside your LAN cares about your hostnamesā¦
For someone who wishes to be so security conscious, you sure donāt seem to have a very good understanding of your actual exposureā¦
Logs are uploaded so people can share them easily with anyone that might be able to help them with their issue. That necessarily means that they need to be public and not encrypted.
I am as sympathetic to your complaint as I would be to that of someone who insists that it is unprofessional to be left with the same hardware after they clicked on āFactory Resetā. Please stop being the reason companies have to write āDo not eatā on silica packets.
The way you guys got personal with my question assures me it is a waste of time to explain it further. I will not reply with similar aggressive replies to you as I donāt care about you.