Best practices for log data retention
Figuring out how long to retain log data and how much log data should be kept in the event of incident response can be tricky to navigate. In this information security management expert response, David Mortman gives best practices for log data retention.
The reality is, as usual, more complex than that. In December 2006, the U.S. government changed the Federal Rules...
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
of Evidence for electronic data, and these rules were picked up by most of the states as well. The most relevant of these changes was that not only do electronic files themselves fall under the scope of discovery, but also any and all meta data, which includes logs.
This means the company must ensure log data is properly maintained under a written document-retention policy and that it's clear which relevant files may correlate with the logs. This is important because during a civil litigation procedure, the organization must know which logs to produce for the lawyers and which logs not to destroy as part of the usual document destruction process.
This is just a long and fancy way to say you should talk to your organization's lawyers and make a decision about how long to retain logs on the basis of their advice.
For more information:
- Learn how to estimate log generation rates with this expert advice.
- Looking to review system event logs? Check out this tutorial on Splunk.