From owner-freebsd-isp@FreeBSD.ORG Fri Feb 22 18:24:37 2008 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B308116A406 for ; Fri, 22 Feb 2008 18:24:37 +0000 (UTC) (envelope-from igelyk.rim@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.174]) by mx1.freebsd.org (Postfix) with ESMTP id 33C0513C46A for ; Fri, 22 Feb 2008 18:24:36 +0000 (UTC) (envelope-from igelyk.rim@gmail.com) Received: by ug-out-1314.google.com with SMTP id y2so2919821uge.37 for ; Fri, 22 Feb 2008 10:24:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=ZXoLAZiZwIjsZxc9gNRgGGZrLxqUDc3xXQiJIVEcwzU=; b=vnFhxxCxgABhmLi3lLXHjy+iKhPi+bbaQP7rnWpxupBDokxF3FoObZ1gFm2JC9S06qK3QNCJz7HdT0HONDWFDQ9xTYplM14gBPW9Q7UfRFfuFqhOuolRPs6RDg9GlwE3y8+/KIiI3KLHwrlRNZVHpJdh3++pHQrhzp1DgHHCsxA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=rqKaB1MQEyKxJsEb9BU1A+CLWAChwN2rwKtm/duSZ81WmztkgsYc0U7cIQc0YXESWlG7GYJccJbR7KPCexY0ZMqCayXUFUErRhaLtiAsQ/A6/l94x0SCSLJ+gPPMRvu0XECH5t5DztICyQL/llMp24ycisiIHHlOkeXkm03Sq64= Received: by 10.67.27.3 with SMTP id e3mr2685331ugj.22.1203702934383; Fri, 22 Feb 2008 09:55:34 -0800 (PST) Received: by 10.66.248.6 with HTTP; Fri, 22 Feb 2008 09:55:34 -0800 (PST) Message-ID: <957425f00802220955y183e8edbgc3af82c23af26782@mail.gmail.com> Date: Fri, 22 Feb 2008 12:55:34 -0500 From: "Irene Gelyk" To: freebsd-isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: re: Creating a Log Retention Policy X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Feb 2008 18:24:37 -0000 Matthew: Did you ever get your log retention policy developed? I'm sort of in the same position and I'm hoping you will be able to share what you learned and/or developed. Thanks Irene Gelyk igelyk.rim@gmail.com Creating a Log Retention Policy*Matt Ruzicka* matt at frii.com *Mon Aug 22 22:38:45 GMT 2005* - Previous message: ELF Binary Type '0' Not Known - Next message: Creating a Log Retention Policy - *Messages sorted by:* [ date ] [ thread ] [ subject ] [ author ] ------------------------------ Last year I attended a session at USENIX on system logging in which the instructor (Marcus Ranum) discussed the importance of having a clearly defined (and enforced) log retention policy. From what I remember of this portion of the lecture (the slides and my notes are lacking in details) he stressed that this policy would help significantly in the case of litigation, but it obviously would also give a solid policy for defining expectations and maintaining consistency between servers. A year later (*cough, cough*) I've started to compile ideas for this policy, but am having a bit of trouble finding good guidelines to follow. I was wondering if others currently had a clearly defined log retention policy for their organization and, if so, how they went about creating it? Thanks in advance for any feedback. Matthew Ruzicka - Systems Administrator Front Range Internet, Inc.matt at frii.net - (970) 212-0728 Got SPAM? Take back your email with MailArmory. http://www.MailArmory.com