Logging facility question



When I enable ‘Log accesses of internal users’ i’d expect that fx. when a reciever deletes a tip, that it is logged that the reciever with ‘username’ deleted Tip with ID… But the only thing I see when I enable ‘Log accesses of internal users’ is that IP addresses stays in the log file for admin, custodian and reciever access.

What is the idea behind ‘Log accesses of internal users’ ? or is it a bug that these things aren’t logged?


@mryber: the system was designed for critical threat models where a complete audit was not necessary and possibly dangerous. To be precise till one year ago the system was not keeping even the number of the submision arrived, that was considered dangerous information if found out by an external organization to the project.

From the recent use cases of the past years in the world of compliance we are now getting the need for a full autidable system with a complete set of audit facilities of which the log of the IP address of internal user is an example.

What you are asking is already tracked by ticket https://github.com/globaleaks/GlobaLeaks/issues/1956 but this part of the roeamap is currently not covered by any funding. We are trying anyhow to move it forward time to time and i expect that proceeding best effort the feature could be fully implemented in 6-8 months from now.

It would be really valuable if you could write on tickets all your ideas and requirement around this or other features. This helps us showing we have a big community of users with their needs and to apply for funding.


Giovanni Pellerano


@evilaliv3 Thanks for the quick response and your answer. I’ll follow the ticket and put any ideas or what else comes to my mind, which could be useful into the ticket.