Re: Creating a Log Retention Policy

• Previous message: Julian H. Stacey: "Re: Creating a Log Retention Policy"
• In reply to: Matt Ruzicka: "Creating a Log Retention Policy"
• Next in thread: Doug Hardie: "Re: Creating a Log Retention Policy"
• Reply: Doug Hardie: "Re: Creating a Log Retention Policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 22 Aug 2005 22:53:26 -0700 (PDT)
To: "Matt Ruzicka" <matt@frii.com>

> Last year I attended a session at USENIX on system logging in which
> the instructor (Marcus Ranum) discussed the importance of having a
> clearly defined (and enforced) log retention policy. From what I
> remember of this portion of the lecture (the slides and my notes are
> lacking in details) he stressed that this policy would help
> significantly in the case of litigation, but it obviously would also
> give a solid policy for defining expectations and maintaining
> consistency between servers.

> A year later (*cough, cough*) I've started to compile ideas for this
> policy, but am having a bit of trouble finding good guidelines to
> follow.

> I was wondering if others currently had a clearly defined log
> retention policy for their organization and, if so, how they went
> about creating it?

We use newsyslog(8) to rotate the logs monthly, and store 13 backups,
all neatly bzip'd. And we copy the backups to a pair of external USB
drives where one is always off-site. Works great for our mail
gateway, firewalls, and web servers.

There's nothing officially written up anywhere, though.

-- 
Freddie Cash, CCNT CCLP        Helpdesk / Network Support Tech.
School District 73             (250) 377-HELP [377-4357]
fcash@sd73.bc.ca               helpdesk@sd73.bc.ca
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

• Previous message: Julian H. Stacey: "Re: Creating a Log Retention Policy"
• In reply to: Matt Ruzicka: "Creating a Log Retention Policy"
• Next in thread: Doug Hardie: "Re: Creating a Log Retention Policy"
• Reply: Doug Hardie: "Re: Creating a Log Retention Policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Exchange 2003 with KVS Enterprise Vault 6 SP2 ... to agree to a retention and deleteion policy but it's hard going, ... As part of the migration the email was imported into the Exchange ... are having is that the vault is growing at an alarming rate, ... Another thing following on from this is your backups. ... (microsoft.public.exchange.admin) Re: Creating a Log Retention Policy ... > clearly defined log retention policy. ... The determination of how long to retain the DVDs was more ... The current year is kept off-site. ... (freebsd-isp) Re: Recipient Update Service Error ... You don't need to set the exclusion policy if you have the filter set on the ... Only one mailbox policy can be applied per ... If you filter the retention policy to only apply to user accounts ... (microsoft.public.exchange.design) Re: SMTP CHange ... Try right-clicking the policy and selecting Apply the policy now. ... MVP - Exchange ... "Protecting the world from PSTs and brick backups!" ... Susan Conkey [MVP] ... (microsoft.public.exchange.admin) Re: setting email retention limits. ... if the retention policy applies to only the inbox or other OL folders as ... > Joe - here's the basic info and you can research from here. ... > Policy and choose Mailbox Manger. ... (microsoft.public.backoffice.smallbiz2000)