⚖️ Legal Compliance

Fully compliant with Law No. 5651, court-ready SIEM.

Your firewall and e-mail logs are stored signed with HMAC-SHA256. When a court requests them, they can be downloaded with a single click, along with the chain of evidence. KVKK compliant, Turkish interface.

  • Legal Storage Period: 2 Years
  • Signature Algorithm: HMAC-SHA256
  • KVKK Compliant: 100%
  • Installation Time: 5 min
Legal Background

What is 5651, who has to comply?

Law No. 5651 regulates the control of internet communication traffic in Turkey. In effect since 2007, it requires log retention.

📋

Full Name of the Law

"Law No. 5651 on the Regulation of Publications Made on the Internet and Combating Crimes Committed Through These Publications"

Article 6/A: "Traffic information is stored for at least 6 months and at most 2 years. To ensure the accuracy and integrity of the content, it is recorded and the necessary security measures are taken."

🏢

Who Must Comply?

  • Internet Service Providers (ISP)
  • Hosting companies (web, mail, VPS)
  • Hotel, shopping mall, cafe — establishments that offer guest wi-fi
  • Public internet access providers
  • Content providers (forum, social media)

What happens to those who do not comply?

Institutions found non-compliant in BTK inspections are subject to an administrative fine of between 10,000 TL and 100,000 TL (2024). On a repeat violation, the penalty doubles. In court proceedings, a lack of logs can also create a lack of evidence.

How Does It Work?

5651 compliance in 5 steps with OxiSec.

No need to worry about manual CSV exports, copying files or writing cron jobs. The whole process is automated in the background.

1. Add a Device: Tick "Keep 5651 Log"

Add a firewall (FortiGate/MikroTik/Sophos) or mail server (Plesk/Postfix). On the Devices page, click the ⚖️ 5651 button. That's all.

2. Automatic Bundle per Hour

A background worker runs once an hour. It collects all logs for that hour and converts them to CSV format. The format is tab-separated and RFC compliant, and can be opened with Excel/Notepad.

3. HMAC-SHA256 Signature

Each bundle file is signed with the product key. If even 1 byte of the file changes, the signature becomes invalid, and the court can check this.

4. Audit Trail in the Database

Which bundle was produced when, and who downloaded it when, are all recorded in the forensic_bundles and audit_log tables. This answers the court's question, "who accessed it?"

5. 30 Seconds for a Court Request

Go to the 5651 Logs page in the panel, select a date range and click "Download". The signed output is ready within the same minute. An integrity check can be run with the "Verify" button.

Scope

Which logs are covered by 5651?

OxiSec archives two main types of signed logs. A third is coming soon if you need it.

🛡️

Firewall / Traffic Logs

A record of every traffic request to/from the Internet. Mandatory for ISPs and bulk internet providers.

  • Source/Destination IP + Port
  • Protocol (TCP/UDP/ICMP)
  • Action (allow/deny/drop)
  • Username (connections with auth)
  • Timestamp (accurate to the second)
📧

Mail Communication Logs NEW

E-mail traffic on Plesk/Postfix servers. Also important under KVKK: it is considered personal data.

  • Sender and recipient addresses
  • Mail status (sent/bounced/deferred)
  • SMTP relay information
  • Auth records (who sent emails)
  • Geographic origin (IP geolocation)

Coming soon: Web Access Logs

Apache/Nginx access logs for web hosting customers will also be archived with signatures. 5651 section 5 coverage for content providers. Q3 2026.

Sample Output

What does the bundle file look like?

Tab-separated format, one record per line. It can be opened in Excel and Notepad.

📄 2026-05-11_14-00_mail.txt
✓ SIGNED
# 5651/KVKK Mail Contact Log
# Customer: Anadolu Energy SPP (ID: 11)
# Period: 2026-05-11 13:00 - 14:00
# Produced: 2026-05-11 14:00:03
# Format: DATE TIME EVENT ACTION SRC_IP CC FROM TO RELAY STATUS

2026-05-11 13:02:15 mail_send SENT 203.0.113.45 TR user@firma.example client@gmail.com smtp.firma sent
2026-05-11 13:05:31 mail_delivery - 198.51.100.5 TR - client@gmail.com gmail-smtp 250-OK
2026-05-11 13:18:42 smtp_auth FAIL 192.0.2.88 RU - - - failed
2026-05-11 13:18:43 smtp_auth FAIL 192.0.2.88 RU - - - failed
2026-05-11 13:25:09 mail_send SENT 203.0.113.45 TR sales@firma.example buyer@outlook.com smtp.firma sent
...
🔒

Manifest (Signature)

Generated with every bundle file. Keep the hash so that integrity can be verified later.

{
  "bundle_id": 12345,
  "file": "2026-05-11_14-00_mail.txt",
  "size_kb": 47,
  "line_count": 1847,
  "hash_sha256": "a8f3c9d2e7b4f1a9...",
  "hmac_signature": "sha256=2c4d8e6f...",
  "signed_at": "2026-05-11T14:00:03Z",
  "algorithm": "HMAC-SHA256"
}

Court: "Has this file been modified?"
Reply: "Verify" → ✓ Integrity preserved
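
The check behind a "Verify" step, as an added example (not OxiSec's code). It assumes the HMAC is computed over the raw bundle bytes and that the manifest uses the field names shown above; the sample bundle, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample bundle (tab-separated, modelled on the sample rows above).
SAMPLE_BUNDLE = (
    b"# 5651/KVKK Mail Contact Log\n"
    b"2026-05-11\t13:02:15\tmail_send\tSENT\t203.0.113.45\tTR\t"
    b"user@firma.example\tclient@gmail.com\tsmtp.firma\tsent\n"
    b"2026-05-11\t13:18:42\tsmtp_auth\tFAIL\t192.0.2.88\tRU\t-\t-\t-\tfailed\n"
)
DEMO_KEY = b"demo-key-not-a-real-product-key"  # placeholder secret (assumption)


def build_manifest(name: str, data: bytes, key: bytes) -> dict:
    """Produce the integrity fields of a manifest shaped like the one above."""
    tag = hmac.new(key, data, hashlib.sha256).hexdigest()
    return {
        "file": name,
        "line_count": data.count(b"\n"),
        "hash_sha256": hashlib.sha256(data).hexdigest(),
        "hmac_signature": "sha256=" + tag,
        "algorithm": "HMAC-SHA256",
    }


def verify_bundle(data: bytes, manifest: dict, key: bytes) -> list:
    """Return the list of failed checks; an empty list means integrity holds."""
    if manifest.get("algorithm") != "HMAC-SHA256":
        return ["unsupported algorithm"]  # never fall back to a weaker check
    failures = []
    scheme, _, claimed = str(manifest.get("hmac_signature", "")).partition("=")
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    # compare_digest is constant-time, so response timing does not leak the tag.
    if scheme != "sha256" or not hmac.compare_digest(
            expected.encode(), claimed.encode()):
        failures.append("hmac_signature mismatch")
    digest = hashlib.sha256(data).hexdigest()
    claimed_hash = str(manifest.get("hash_sha256", ""))
    if not hmac.compare_digest(digest.encode(), claimed_hash.encode()):
        failures.append("hash_sha256 mismatch")
    return failures


def forge_manifest_without_key(tampered: bytes, manifest: dict) -> dict:
    """Model an editor who lacks the key: only the plain hash can be redone."""
    return dict(manifest, hash_sha256=hashlib.sha256(tampered).hexdigest())
```

The forged manifest still fails on hmac_signature, which is why the keyed tag, not the plain SHA-256 hash, carries the tamper evidence. HMAC is symmetric, so whoever runs the verification must hold the same secret key that produced the signature.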

FAQ

Frequently asked questions about 5651

What is law number 5651?
The full name of Law No. 5651 is "Law on the Regulation of Publications Made on the Internet and Combating Crimes Committed Through These Publications". It came into force in 2007 and is the Turkish law that obliges internet service providers and content providers to keep user log records for 2 years. It is audited by BTK (Information Technologies and Communications Authority).
Do I need to be 5651 compliant for my hotel?
Yes. If you provide Wi-Fi to your guests, you have the status of a "Mass Use Provider" and fall within the scope of Article 7 of 5651. You have to keep your guests' connection records (IP, MAC, room number, time) for 2 years. Our Hotspot Analytics module automatically archives these records with 5651 signatures.
How long should logs be kept?
Article 6/A of Law No. 5651: "Traffic information is stored for at least 6 months and at most 2 years." In practice, BTK recommends storage for 1-2 years. Because KVKK requires personal data to be deleted once the purpose of processing has expired, OxiSec has automatic retention management: bundles older than 2 years are deleted in compliance with GDPR/KVKK.
How to guarantee the integrity of logs?
Law 5651 obliges you to guarantee that logs are not altered ("to ensure their accuracy and integrity"). OxiSec signs every log bundle with the HMAC-SHA256 algorithm. A unique signature is generated for each file. If even 1 byte changes, the signature no longer matches, which is immediately obvious. This meets the technical integrity requirement necessary for the court to accept evidence.
In what format does the court request logs as evidence?
The court usually requests logs in CSV/TXT format, with a signature hash and the source indicated. The OxiSec Forensic Bundle feature automatically generates this format: log file + manifest (JSON) + HMAC signature + chain of evidence. Downloaded as a single file, it can be presented to the court. Who downloaded it is also recorded in the audit log.
Are e-mail logs covered by 5651?
Yes. If your institution operates a mail server (Plesk, Postfix, Exchange, etc.), e-mail traffic is considered "communication data" and must be stored under 5651. Within the scope of KVKK, e-mail content should be protected as sensitive personal data. OxiSec archives these logs signed with HMAC, and only authorized admins can access them.
How much retention does OxiSec 5651 offer for logs?
It depends on your plan:
  • Community: 30 days (for testing)
  • Starter: 90 days
  • Professional: 180 days
  • Business: 1 year
  • Enterprise: Unlimited (statutory 2 years and above)
For the legal 2-year requirement, we recommend the Professional plan and above.
Is there any conflict between KVKK and 5651?
No, the two are complementary. 5651 makes storing communication traffic information mandatory; KVKK makes protecting personal data mandatory. In practice: logs are stored, BUT only authorized persons can access them, and they are deleted when the need is over. OxiSec manages both from a single interface: RBAC, audit log, automatic retention.
Can I keep the log on my server myself?
Yes, but it is not recommended. The manual "CSV export → copy to folder → zip at month end" method carries 3 risks: (1) the signature is missing, so the court may reject integrity; (2) the audit trail is missing, so it is unclear who accessed what and when; (3) retention is manual, so compliance with the law is at risk. OxiSec does it all automatically.

5651 compliance: get started in 5 minutes.

No credit card required. The Community plan includes 5651 log signing, enough to get started with auditing.

No credit card required · Unlimited time · Installation in 5 minutes