Date: Mon, 22 Aug 2005 22:53:26 -0700 (PDT)
From: "Freddie Cash" <fcash@ocis.net>
To: "Matt Ruzicka" <matt@frii.com>
Cc: freebsd-isp@freebsd.org
Subject: Re: Creating a Log Retention Policy
Message-ID: <63196.24.71.128.63.1124776406.squirrel@imap.sd73.bc.ca>
In-Reply-To: <Pine.BSF.4.58.0508221636280.10962@elara.frii.com>
References: <Pine.BSF.4.58.0508221636280.10962@elara.frii.com>

> Last year I attended a session at USENIX on system logging in which
> the instructor (Marcus Ranum) discussed the importance of having a
> clearly defined (and enforced) log retention policy. From what I
> remember of this portion of the lecture (the slides and my notes are
> lacking in details) he stressed that this policy would help
> significantly in the case of litigation, but it obviously would also
> give a solid policy for defining expectations and maintaining
> consistency between servers.
>
> A year later (*cough, cough*) I've started to compile ideas for this
> policy, but am having a bit of trouble finding good guidelines to
> follow.
>
> I was wondering if others currently had a clearly defined log
> retention policy for their organization and, if so, how they went
> about creating it?

We use newsyslog(8) to rotate the logs monthly, and store 13 backups,
all neatly bzip'd. And we copy the backups to a pair of external USB
drives where one is always off-site.

Works great for our mail gateway, firewalls, and web servers.

There's nothing officially written up anywhere, though.

--
Freddie Cash, CCNT CCLP        Helpdesk / Network Support Tech.
School District 73             (250) 377-HELP [377-4357]
fcash@sd73.bc.ca               helpdesk@sd73.bc.ca
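
The rotation described in the reply above (monthly, 13 archives, bzip2) maps onto newsyslog.conf(5) entries like the following. This is an added example, not part of the original message or the poster's configuration; the log file paths and modes are assumptions.

```conf
# Added example; the log paths and modes below are assumptions,
# not the poster's actual files.
#
# Fields: logfile  [owner:group]  mode  count  size  when  flags
#   count 13     keep 13 rotated archives (numbered .0 through .12)
#   size  *      never rotate on size, only on the schedule
#   when  $M1D0  rotate on the first day of each month at midnight
#   flags J      compress each rotated file with bzip2(1)
/var/log/maillog            640  13  *  $M1D0  J
/var/log/security           600  13  *  $M1D0  J
/var/log/httpd-access.log   644  13  *  $M1D0  J
```

Running `newsyslog -nv` prints what would be rotated without touching any files, which is a quick way to confirm the schedule and archive count match the written policy.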