From owner-freebsd-isp@FreeBSD.ORG Mon Aug 22 23:31:41 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4DB4B16A41F for ; Mon, 22 Aug 2005 23:31:41 +0000 (GMT) (envelope-from jhs@flat.berklix.net)
Received: from tower.berklix.org (tower.berklix.org [83.236.223.114]) by mx1.FreeBSD.org (Postfix) with ESMTP id AB9DF43D46 for ; Mon, 22 Aug 2005 23:31:40 +0000 (GMT) (envelope-from jhs@flat.berklix.net)
Received: from js.berklix.net (p549A5D89.dip.t-dialin.net [84.154.93.137]) (authenticated bits=0) by tower.berklix.org (8.12.9p2/8.12.9) with ESMTP id j7MNVbxr087217; Tue, 23 Aug 2005 01:31:38 +0200 (CEST) (envelope-from jhs@flat.berklix.net)
Received: from fire.jhs.private (fire.jhs.private [192.168.91.41]) by js.berklix.net (8.12.11/8.12.11) with ESMTP id j7MNVXXX023633; Tue, 23 Aug 2005 01:31:34 +0200 (CEST) (envelope-from jhs@flat.berklix.net)
Received: from fire.jhs.private (localhost.jhs.private [127.0.0.1]) by fire.jhs.private (8.13.1/8.13.1) with ESMTP id j7MNW0g7012196; Tue, 23 Aug 2005 01:32:00 +0200 (CEST) (envelope-from jhs@fire.jhs.private)
Message-Id: <200508222332.j7MNW0g7012196@fire.jhs.private>
To: Matt Ruzicka
In-Reply-To: Message from Matt Ruzicka of "Mon, 22 Aug 2005 16:38:43 MDT."
Date: Tue, 23 Aug 2005 01:32:00 +0200
From: "Julian H. Stacey"
Cc: freebsd-isp@freebsd.org
Subject: Re: Creating a Log Retention Policy
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 22 Aug 2005 23:31:41 -0000

Matt Ruzicka wrote:
> Last year I attended a session at USENIX on system logging in which the
> instructor (Marcus Ranum) discussed the importance of having a clearly
> defined (and enforced) log retention policy. From what I remember of this
> portion of the lecture (the slides and my notes are lacking in details) he
> stressed that this policy would help significantly in the case of
> litigation, but it obviously would also give a solid policy for defining
> expectations and maintaining consistency between servers.
>
> A year later (*cough, cough*) I've started to compile ideas for this
> policy, but am having a bit of trouble finding good guidelines to follow.
>
> I was wondering if others currently had a clearly defined log retention
> policy for their organization and, if so, how they went about creating it?
>
> Thanks in advance for any feedback.
>
> Matthew Ruzicka - Systems Administrator

This seems a general Sys Admin issue appropriate to SAGE
http://www.sage.org , rather than anything needing to be BSD specific.
The search box on their site with "archival policy" shows this at top:
---
This represents the suggested policy document outline as it appears in
A Guide to Developing Computing Policy Documents published by the
USENIX Association for the SAGE. The guide is part of the SAGE series
Short Topics in System Administration.

--
Julian Stacey  Consultant Systems Engineer, Munich.  http://berklix.com
Mail in Ascii (Html = Spam).  Your smoke = my allergic headache.