You know, when the feds raid an ISP for the information on P2P network users, I read aboout them getting the “logs” from the server.
I assume the information is something like:
Account, Time, IP, Connected to IP, Time.
Is that it or are they much more sinister?
It can be pretty much anything the administrator chooses to log. It could be every single packet (unlikely) to nothing (keeping no log make complying with requests very easy).
To be safe, always assume everything is logged, and will be kept forever. That way you will never be surprised.
Depending on the type of server software and admin the logs can show:
IP address
Access time
Version of the software used to access the server and OS type and version
File accessed
User name used to connect (if any)
For example: If I read over my webserver logs I could see that someone from the IP address 1.2.3.4, which is on foobar.com’s network, looked at every file in my “picture” directory starting at 3:15 am on jan 1, 2005 using Internet Explorer 6.5 from a machine running Windows PX SP2.
For the server I’ve been working with as of late, there are two logs: the access log, which tracks http requests and whatever info goes with them; and the server log, which tracks pretty much everything that happens on the server. The access log for a day might be 50-200 kB, whereas the server log for that same day would be 30-50 MB.