Date: Mon, 22 Aug 2005 16:38:43 -0600 (MDT) From: Matt Ruzicka <matt@frii.com> To: freebsd-isp@freebsd.org Subject: Creating a Log Retention Policy Message-ID: <Pine.BSF.4.58.0508221636280.10962@elara.frii.com>
next in thread | raw e-mail | index | archive | help
Last year I attended a session at USENIX on system logging in which the instructor (Marcus Ranum) discussed the importance of having a clearly defined (and enforced) log retention policy. From what I remember of this portion of the lecture (the slides and my notes are lacking in details) he stressed that this policy would help significantly in the case of litigation, but it obviously would also give a solid policy for defining expectations and maintaining consistency between servers. A year later (*cough, cough*) I've started to compile ideas for this policy, but am having a bit of trouble finding good guidelines to follow. I was wondering if others currently had a clearly defined log retention policy for their organization and, if so, how they went about creating it? Thanks in advance for any feedback. Matthew Ruzicka - Systems Administrator Front Range Internet, Inc. matt@frii.net - (970) 212-0728 Got SPAM? Take back your email with MailArmory. http://www.MailArmory.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.58.0508221636280.10962>