[tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")
grarpamp at gmail.com
Sat Aug 8 21:32:55 UTC 2015
On Sat, Aug 8, 2015 at 2:03 AM, nusenu <nusenu at openmailbox.org> wrote:
> that implies that USU exit relays store significant amount of logs
>> node. I said that we had extracted and filtered the requested data,
>> it was 90 4 gig files (for a total of 360 gigs of log files) or
>> about 3.2 billion log entries.
> If you can confirm that the comment is authentic I'd be interested
> what kind of tor related data you are logging at your exit relays and why.
It's most likely netflow logs. Quite popular in Uni / regional ISP
environments. People collect them for network stats, and to track
down "security incidents". (Such logs by their very existence, and in
absence of very strong policy, also generally attract dogooder suckup
to whoever comes calling for them, be it their own internal network /
security / employment / political queries, or from external parties).
The USA has no EU style logging requirements, nor really laws beyond
the mashup of wiretap / FERPA / PCI type stuff and internal "policy".
Some might not keep anything, some 1wk / 1mo / 90d / 6mo / 1y
or more, or whatever the disks can hold.
Netstats can be aggregated down, but the other raw uses
typically retain under "well, better keep them just in case".
Once you start it's really hard to stop. Some places do in fact have
really good policies, either from the start, or after years of debate.