Creating a Log Retention Policy

Freddie Cash fcash at ocis.net
Tue Aug 23 05:54:05 GMT 2005


> Last year I attended a session at USENIX on system logging in which
> the instructor (Marcus Ranum) discussed the importance of having a
> clearly defined (and enforced) log retention policy.  From what I
> remember of this portion of the lecture (the slides and my notes are
> lacking in details) he stressed that this policy would help
> significantly in the case of litigation, but it obviously would also
> give a solid policy for defining expectations and maintaining
> consistency between servers.

> A year later (*cough, cough*) I've started to compile ideas for this
> policy, but am having a bit of trouble finding good guidelines to
> follow.

> I was wondering if others currently had a clearly defined log
> retention policy for their organization and, if so, how they went
> about creating it?

We use newsyslog(8) to rotate the logs monthly, and store 13 backups,
all neatly bzip'd.  And we copy the backups to a pair of external USB
drives where one is always off-site.  Works great for our mail
gateway, firewalls, and web servers.

There's nothing officially written up anywhere, though.
-- 
Freddie Cash, CCNT CCLP        Helpdesk / Network Support Tech.
School District 73             (250) 377-HELP [377-4357]
fcash at sd73.bc.ca               helpdesk at sd73.bc.ca
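
The rotate-then-copy routine described in the reply above, sketched as an added example (not part of the original post or the poster's own scripts). The log names, file modes, and the log and drive directories passed in are assumptions.

```shell
#!/bin/sh
# Assumed newsyslog.conf entries matching the setup in the post
# (rotate at midnight on the 1st of each month, keep 13 archives, J = bzip2):
#   /var/log/maillog    640  13  *  $M1D0  J
#   /var/log/security   600  13  *  $M1D0  J

# count_generations DIR NAME -> prints how many NAME.<n>.bz2 archives DIR holds
count_generations() {
    n=0
    for f in "$1/$2".*.bz2; do
        [ -f "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# copy_archives LOGDIR NAME DEST -> copies every archive to DEST and compares
# each copy byte for byte; non-zero if DEST is absent or any copy differs.
copy_archives() {
    [ -d "$3" ] || { echo "destination $3 not mounted" >&2; return 2; }
    rc=0
    for f in "$1/$2".*.bz2; do
        [ -f "$f" ] || continue
        cp -p "$f" "$3/" || { rc=1; continue; }
        cmp -s "$f" "$3/$(basename "$f")" || { echo "mismatch: $f" >&2; rc=1; }
    done
    return "$rc"
}

# retention_ok LOGDIR NAME DEST WANT -> 0 only when the copy verified and
# DEST holds at least WANT generations (13 in the post).
retention_ok() {
    copy_archives "$1" "$2" "$3" || return 1
    have=$(count_generations "$3" "$2")
    [ "$have" -ge "$4" ] || { echo "$2: only $have of $4 archives on $3" >&2; return 1; }
}

# Stand-alone use (hypothetical paths): sh script.sh /var/log maillog /mnt/usb0 13
if [ "$#" -eq 4 ]; then
    retention_ok "$@"
fi
```

A non-zero exit from a monthly cron run is the signal that the drive was not mounted, a copy was corrupted, or fewer generations exist than the retention period calls for.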


More information about the freebsd-isp mailing list