[prev in list] [next in list] [prev in thread] [next in thread] 

List:       loganalysis
Subject:    [logs] Re: [[logs] RE: log retention periods (fwd)]
From:       Greg Dotoli <gdotoli () bizinfoservices ! com>
Date:       2002-01-29 5:00:34
[Download RAW message or body]

I will speak with someone today who has been doing log analysis and foren=
sics
for various fed and state agencies. I'm sure a best practice has evolved.=
 =


Another important aspect to think about is media type. Some agenicies leg=
ally
want logs written to worm devices only. Although tampering may still be
possible, it proves more effective from the beginning.

Greg

Tina Bird <tbird@precision-guesswork.com> wrote:

On Fri, 28 Dec 2001 Bonny_Allen@doh.state.fl.us wrote:

> Hello Tina Bird:
> =

> I got your name and contact information from the LogAnalysis bulletin
board
> sponsored by Security Focus.
> =

> I'm researching computer network/system log retention periods -
specifically
> what length time periods are recommended
> to state agencies for retaining the following types of logs from their
> computer network system:
> =

> 		Internal
> 		Windows NT System Event logs
> 		Email records
> 		Internet Usage Monitoring Software
> 		Remote Access logs
> 		Network Edge routers
> 		Database transactional logs
> =

> 		External
> 		Firewall logs
> 		Intrusion detection software
> =

> The goal being to have these logs available should law enforcement need=

> them. Do you know of any such recommendations? =

> =

> Any information, references or contacts you can provide would be greatl=
y
> appreciated.
> =

> Bonny Allen
> Inspector Specialist
> Office of the Inspector General =

> Florida Department of Health =

> Phone (850) 245-4444 x 2151  SC 205-4444 x 2151
> Fax (850) 413-8985 Fax SC 293-8985
> Bonny_Allen@doh.state.fl.us =

> =

> =

> =

> =



---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribe@securityfocus.com
For additional commands, e-mail: loganalysis-help@securityfocus.com




---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribe@securityfocus.com
For additional commands, e-mail: loganalysis-help@securityfocus.com

[prev in list] [next in list] [prev in thread] [next in thread]