
Re: Creating a Log Retention Policy



> Last year I attended a session at USENIX on system logging in which
> the instructor (Marcus Ranum) discussed the importance of having a
> clearly defined (and enforced) log retention policy.  From what I
> remember of this portion of the lecture (the slides and my notes are
> lacking in details) he stressed that this policy would help
> significantly in the case of litigation, but it obviously would also
> give a solid policy for defining expectations and maintaining
> consistency between servers.

> A year later (*cough, cough*) I've started to compile ideas for this
> policy, but am having a bit of trouble finding good guidelines to
> follow.

> I was wondering if others currently had a clearly defined log
> retention policy for their organization and, if so, how they went
> about creating it?

We use newsyslog(8) to rotate the logs monthly, and store 13 backups,
all neatly bzip'd.  And we copy the backups to a pair of external USB
drives where one is always off-site.  Works great for our mail
gateway, firewalls, and web servers.

There's nothing officially written up anywhere, though.
-- 
Freddie Cash, CCNT CCLP        Helpdesk / Network Support Tech.
School District 73             (250) 377-HELP [377-4357]
fcash_(_at_)_sd73_(_dot_)_bc_(_dot_)_ca               helpdesk_(_at_)_sd73_(_dot_)_bc_(_dot_)_ca
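
The following is an added example, not part of the reply above: a small audit that checks newsyslog.conf entries against the scheme the reply describes (monthly rotation, 13 archives, bzip2 compression), which is one way to enforce consistency between servers. The sample configuration is constructed, and the field layout assumed is the one documented in newsyslog.conf(5).

```python
import re

# Constructed sample newsyslog.conf, not taken from the post.
SAMPLE_CONF = """\
# logfilename            [owner:group] mode count size when  flags
/var/log/maillog                       640  13    *    $M1D0 J
/var/log/ipfw.log        root:wheel    600  13    *    $M1D0 J
/var/log/httpd-access.log              644  7     *    @T00  J
/var/log/auth.log                      600  13    *    $M1D0 Z
"""

def parse_entries(text):
    """Yield (path, count, when, flags) for each log entry."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0].startswith("<"):
            continue  # blank line, comment, <include>, or too short to be an entry
        # owner:group is optional; the mode field is always octal digits.
        i = 1 if re.fullmatch(r"[0-7]{3,4}", fields[1]) else 2
        if len(fields) < i + 4:
            continue
        count, when = int(fields[i + 1]), fields[i + 3]
        # Flags are optional; a field starting with "/" is the pid file instead.
        rest = fields[i + 4:]
        flags = rest[0] if rest and not rest[0].startswith("/") else ""
        yield fields[0], count, when, flags

def audit(text, min_count=13, compress_flag="J"):
    """Return {path: [problems]} for entries that miss the retention policy."""
    findings = {}
    for path, count, when, flags in parse_entries(text):
        problems = []
        if count < min_count:
            problems.append(f"keeps {count} archives, policy requires {min_count}")
        if not when.startswith("$M"):
            problems.append(f"rotation time {when} is not monthly ($M...)")
        if compress_flag not in flags.upper():
            problems.append(f"missing {compress_flag} (bzip2) flag")
        if problems:
            findings[path] = problems
    return findings

if __name__ == "__main__":
    for path, problems in audit(SAMPLE_CONF).items():
        print(path, "->", "; ".join(problems))
```
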