On 2002-08-28 11:20:53 -0500, Larry Brown wrote: > I searched the (new) archives to see if there were any threads re: log > retention without any real success. I'd like to get some feedback > from the group in terms of how long log info is typically retained - > online, on site, off site - for operational purposes. Any links to > additional discussion of retention issues would be appreciated. We keep our logs on-line for 1 week uncompressed, and compressed as long as we have disk space. In our operation, we end up with having to look at user changes sometimes years after the event, so it's much handier this way. Mind you, we produce less than 30 Mbyte of logs per day (compressed), so this isn't a big deal. (This may increase drastically as we redesign our logging to include more events that we care about.) For off-site retention, we rely on our usual backup scheme. Log partitions are backed up on our regular schedule: full backups weekly, with incrementals daily. I'm not 100% sure of the exact times, but periodically we retire a tape for permanent archiving off-site. AFAIK we still have these since we started doing that, although I wonder how good the 5 year old tapes are. :) There are two kinds of laws to worry about, neither of which affect us fortunately. The first are legal requirements to keep logs, e.g. call records. The second are legal requirments to destroy logs, e.g. privacy protection. And of course you have the corporate policy variants of these. We also have a published policy regarding accessing historical logs on behalf of users: http://www.ripe.net/ripencc/pub-services/db/recordkeeping.html Internally, anyone in our group has full access, as do people working under an NDA, or company officers. Anyone else could probably have a look if they explained why. In any case, I've never had anyone actually ask. :) -- Shane Not speaking on behalf of my employer _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Aug 29 2002 - 00:44:47 PDT