
What does raw traffic that is not in the form of logs look like? Maybe you mean that they are streaming logs in real-time rather than sending log files in batches periodically?

You don't mean sharing raw traffic as in forwarding actual requests, I wouldn't think?



It could be either mirroring all the traffic to an agency-provided black box, or sending just NetFlow (or sFlow) metadata about the traffic.

And if someone thinks the first option is not realistic - this is how almost every ISP in Russia works (search for SORM-2 and SORM-3 for more detail, typically traffic is mirrored at ISP's border gateway(s)). Sure, Russia or China wouldn't be great examples, but the point is that it's technically possible, even at scale, and all the real problems are in the meatspace (legal enforcement or coercion).


> You don't mean sharing raw traffic as in forwarding actual requests, I wouldn't think?

The usual method is either to use a splitter or switch configuration to mirror traffic to another interface, attached to a machine running packet capture/analysis tools.


Unencrypted obviously.



