
Hi,

Hope you are all well. From your experience out there with SMEs and even Corporate/Bluechip Organizations and Government, what would you say on average is their Log Retention Policy? A few direct questions would be:

1. How long do they retain their logs?
2. How do they do it, i.e. Centralized or Decentralized?
3. If centralized, what solutions do they use?
4. Any Open Source solution out there that has powerful Reporting Capabilities?
5. Do Financial Institutions have Strong Log Retention Policies regulated through Central Bank?

Regards,
Eric Mugo.

A lot of people don't put this in writing, which actually should be written up, as a policy, and followed to the write up and the management should enforce it.

Most organizations will have them offsite, and some others on main site for a duration specified on their policies, most likely rotated in two weeks or three depending on the policy.

./Chuks

On Mon, May 18, 2009 at 11:32 AM, Eric Mugo <kabugum@gmail.com> wrote:
> Hi,
>
> Hope you are all well. From your experience out there with SMEs and even Corporate/Bluechip Organizations and Government, what would you say on average is their Log Retention Policy? A few direct questions would be:
>
> 1. How long do they retain their logs?
> 2. How do they do it, i.e. Centralized or Decentralized?
> 3. If centralized, what solutions do they use?
> 4. Any Open Source solution out there that has powerful Reporting Capabilities?
> 5. Do Financial Institutions have Strong Log Retention Policies regulated through Central Bank?
>
> Regards,
> Eric Mugo.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
--
Gichuki John Ndirangu, C.E.H, C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosigmer@inbox.com
{FORUM} http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
http://www.kamongo.co.ke/

So that basically means if they were asked to pull out Logs for three months ago... they would draw a blank?

On Mon, May 18, 2009 at 1:06 PM, chuks Jonia <chuksjonia@gmail.com> wrote:
> A lot of people don't put this in writing, which actually should be written up, as a policy, and followed to the write up and the management should enforce it.
>
> Most organizations will have them offsite, and some others on main site for a duration specified on their policies, most likely rotated in two weeks or three depending on the policy.
>
> ./Chuks

The rotation is just for a few weeks, but mostly a full backup is retained offsite for years, especially, Firewall, Mailserver, Httpd logs etc etc.

But a Policy needs to be written, maintained and signed by the management.

On Mon, May 18, 2009 at 1:44 PM, Eric Mugo <kabugum@gmail.com> wrote:
> so that basically means if they were asked to pull out Logs for three months ago...they would draw a blank?
--
Gichuki John Ndirangu, C.E.H, C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosigmer@inbox.com
{FORUM} http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
http://www.kamongo.co.ke/

Am not sure if this was defined in the ICT policy. Basically one should aim to keep the logs within the legally defined periods for any eventuality.

Regards,
Mich

Eric Mugo wrote:
> so that basically means if they were asked to pull out Logs for three months ago...they would draw a blank?

I just assumed since the Financial Industry is so tightly regulated, Central Bank would obviously have some kind of Policy regarding Log retention for them, though I think they would probably be a step ahead since they understand the need for Log Retention....

On Mon, May 18, 2009 at 2:03 PM, Michuki Mwangi <michuki@swiftkenya.com> wrote:
> Am not sure if this was defined in the ICT policy. Basically one should aim to keep the logs within the legally defined periods for any eventuality.
>
> Regards,
> Mich
participants (3)
- chuks Jonia
- Eric Mugo
- Michuki Mwangi