Best practices for log data retention
Figuring out how long to retain log data and how much log data should be kept in the event of incident response can be tricky to navigate. In this information security management expert response, David Mortman gives best practices for log data retention.
The reality is, as usual, more complex than that. In December 2006, the U.S. government changed the Federal Rules...
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
of Evidence for electronic data, and these rules were picked up by most of the states as well. The most relevant of these changes was that not only do electronic files themselves fall under the scope of discovery, but also any and all meta data, which includes logs.
This means the company must ensure log data is properly maintained under a written document-retention policy and that it's clear which relevant files may correlate with the logs. This is important because during a civil litigation procedure, the organization must know which logs to produce for the lawyers and which logs not to destroy as part of the usual document destruction process.
This is just a long and fancy way to say you should talk to your organization's lawyers and make a decision about how long to retain logs on the basis of their advice.
For more information:
- Learn how to estimate log generation rates with this expert advice.
- Looking to review system event logs? Check out this tutorial on Splunk.
Dig Deeper on Data security technology and strategy
-
![]()
Employ log management best practices to better analyze, protect data
By: Stefani Muñoz
-
![]()
How do you enable centralized vCenter logging?
By: Rob Bastiaansen
-
![]()
What are the best log consolidation and storage methods?
By: Stephen Bigelow
-
![]()
How do you analyze log data for relevant information?
By: Stephen Bigelow
