I will speak with someone today who has been doing log analysis and forensics for various fed and state agencies. I'm sure a best practice has evolved.

Another important aspect to think about is media type. Some agencies legally want logs written to WORM devices only. Although tampering may still be possible, it proves more effective from the beginning.

Greg

Tina Bird <tbird@precision-guesswork.com> wrote:

On Fri, 28 Dec 2001 Bonny_Allenat_private wrote:

> Hello Tina Bird:
>
> I got your name and contact information from the LogAnalysis bulletin board
> sponsored by Security Focus.
>
> I'm researching computer network/system log retention periods - specifically
> what length time periods are recommended
> to state agencies for retaining the following types of logs from their
> computer network system:
>
> Internal
> Windows NT System Event logs
> Email records
> Internet Usage Monitoring Software
> Remote Access logs
> Network Edge routers
> Database transactional logs
>
> External
> Firewall logs
> Intrusion detection software
>
> The goal being to have these logs available should law enforcement need
> them. Do you know of any such recommendations?
>
> Any information, references or contacts you can provide would be greatly
> appreciated.
>
> Bonny Allen
> Inspector Specialist
> Office of the Inspector General
> Florida Department of Health
> Phone (850) 245-4444 x 2151 SC 205-4444 x 2151
> Fax (850) 413-8985 Fax SC 293-8985
> Bonny_Allenat_private

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Tue Jan 29 2002 - 10:04:49 PST