Network Security Focus-Microsoft

Re: Keeping Logs files for how long?

Subject: Re: Keeping Logs files for how long?
Date: Thu, 07 Feb 2008 20:55:32 -0500
It doesn't matter, so long as the length of time before recycling tapes
1) meets generally agreed industry standards or specific legal
requirements, 2) has the CEO's signature approval on it and 3) is
absolutely followed.  If you get sued, you have a policy and follow it
(and always know where the backups are), which will save you a lot of
grief.  Your company can revisit the policy after that reduced
settlement for the next time...

Thor (Hammer of God) wrote:
From my POV, it comes down to money plus any "legal requirements." 

Since you're asking others' opinions on it, I'll assume you are not
required by law to keep logs for any particular reason or time period.
If true, then it really comes down to how much money you are willing to
spend to keep logs for X period.

Large format tape media is pretty expensive for single use "backup and
keep" strategies.  But you can get hard drives pretty cheap these days
-- in my previous life, I had scripts that would take monthly logs,
compress them, and copy them over to removable drives.  We'd just take
the drives out of the USB chassis and store them.  I just built a couple
of drives a month into the budget -- that way you have copies going back
as long as you would like.   If I ever needed anything, we'd just drop
the drive into the chassis and get what we wanted.  If not, then it was
already built into the budget.

Of course, different environments dictate different things, but it
usually comes down to how much a month it would cost to store the logs,
and if you are willing to spend it perpetually.

t



-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com] On Behalf Of Petter Bruland
Sent: Thursday, February 07, 2008 9:26 AM
To: focus-ms@securityfocus.com
Subject: Keeping Logs files for how long?

Over the last few weeks we've gotten a bunch of good advice on what
software/hardware to use, in order to capture logs from all sorts of
networked devices.

One thing we have not really talked about, is how long do we usually
keep logs. And do we ever back them up?

Any feedback on how you handle the log data, or best practices for
handling log data, would be greatly appreciated.


-Petter
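
The thread describes scripts that compress each month's logs and copy them to removable drives, under a retention policy that is "absolutely followed". The following is an added example, not code from any poster: a sketch of that job that also records a SHA-256 digest beside each archive and lists archives past the retention window. The `logs-YYYY-MM.tar.gz` naming, the `*.log` pattern and all function names are assumptions.

```python
import hashlib
import tarfile
from datetime import date, datetime
from pathlib import Path


def sha256_file(path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def archive_month(log_dir, dest_dir, year: int, month: int) -> Path:
    """Compress every *.log last modified in year/month into one archive in dest_dir."""
    picked = sorted(
        p for p in Path(log_dir).glob("*.log")
        if (d := datetime.fromtimestamp(p.stat().st_mtime)).year == year and d.month == month
    )
    if not picked:
        raise FileNotFoundError(f"no logs for {year}-{month:02d} in {log_dir}")
    archive = Path(dest_dir) / f"logs-{year}-{month:02d}.tar.gz"  # assumed naming scheme
    with tarfile.open(archive, "w:gz") as tar:
        for p in picked:
            tar.add(p, arcname=p.name)
    # Sidecar digest: lets you show later that the stored copy is unchanged.
    Path(str(archive) + ".sha256").write_text(sha256_file(archive) + "\n")
    return archive


def verify_archive(archive) -> bool:
    """True only if the archive still matches the digest recorded when it was written."""
    sidecar = Path(str(archive) + ".sha256")
    return sidecar.exists() and sidecar.read_text().strip() == sha256_file(archive)


def past_retention(dest_dir, keep_months: int, today: date) -> list:
    """Names of archives older than the policy window, i.e. due for disposal."""
    cutoff = today.year * 12 + today.month - keep_months
    old = []
    for a in sorted(Path(dest_dir).glob("logs-*.tar.gz")):
        y, m = a.name[len("logs-"):-len(".tar.gz")].split("-")
        if int(y) * 12 + int(m) < cutoff:
            old.append(a.name)
    return old
```

Run `verify_archive` when a drive goes into storage and again whenever it is pulled back for review; schedule `past_retention` so disposal happens on the policy's timetable rather than ad hoc.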

