For all servers, SSH access logs are permanently archived in our intrusion detection system (IDS) database, which is replicated and backed up nightly. A copy of the SSH logs is also streamed to Amazon S3 for redundancy.
For our database-as-a-service plans, database logs are stored on a local encrypted volume and rotated periodically. A copy of the logs is also streamed to Amazon S3 for permanent storage.
For virtual server environments that utilize the Dokku framework or Docker Compose, every container log is automatically archived to Amazon S3 as well.
For virtual servers not using Dokku or Docker Compose (typically our legacy server plans), where applications are deployed directly to the virtual machine, there is a common log directory at /data/log on the encrypted data volume. Any logs stored there are encrypted at rest and automatically rotated. Customers are therefore responsible for ensuring their application is configured to persist its logs in that directory if the logs contain any PHI. Customers who would also like these logs permanently archived in Amazon S3 in an automated manner can submit a help desk ticket.