The rotation is just for a few weeks, but mostly a full backup is retained offsite for years, especially, Firewall, Mailserver, Httpd logs etc etc. But a Policy needs to be written, maintained and signed by the management. On Mon, May 18, 2009 at 1:44 PM, Eric Mugo <kabugum@gmail.com> wrote:
so that basically means if they were asked to pull out Logs for three months ago...they would draw a blank?
On Mon, May 18, 2009 at 1:06 PM, chuks Jonia <chuksjonia@gmail.com> wrote:
Alot of people don't put this in writing, which actually should be written up, as a policy, and followed to the write up and the management should enforce it.
Most organizations will have them offsite, and some others on main site for a duration specified on their policies, most likely rotated in two weeks or three depending on the policy.
./Chuks
On Mon, May 18, 2009 at 11:32 AM, Eric Mugo <kabugum@gmail.com> wrote:
Hi,
Hope you are all well. From your experience out there with SME's and even Corporate/Bluechip Organizations and Governement, what would you say on average is their Log Retention Policy. A few direct questions would be
1. How long do they retain their logs? 2. How do the do it i.e Centralized or Decentralized? 3. If centralized what solutions do they use? 4. Any Open Source solution out there that has powerful Reporting Capabilities? 5. Do Financial Institutions have Strong Log Retention Policies regulated through Central Bank
Regards, Eric Mugo.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/ _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com {FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/