Security Basics mailing list archives
Re: Keeping Firewall Logs
From: Mark Ng <aliasklap () markng co uk>
Date: Wed, 16 Apr 2003 17:55:37 +0100
On Tuesday 15 April 2003 12:21 am, Naman Latif wrote:
Hi, We have a PIX firewall, which logs all the "Permits" and "Denys". We are developing a policy regarding "how long these log files should be kept". Does anyone have any tips regarding this? And how have they implemented it in their network?
I've had an amount of success with a standard syslog server running on hardened *BSD hosts (any *nix will do, and I believe that you can get syslog servers for NT too). My general rule is to keep files up to three months - this can cause significant load on disk space though depending on how busy your firewalls are - this is easy to implement with cron scripts looking for files older than a certain amount of time and removing them.
Regards,
Mark Ng
Director, Information Intelligence Ltd.
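The cron-driven cleanup described in the reply above, written out as an added example that is not part of the original post: a POSIX sh retention sweep with a dry-run mode and guards against a mistyped directory. The function name, the `*.log*` file pattern, the `LOG_DIR` variable and the paths in the cron line are assumptions.

```shell
#!/bin/sh
# Added example: age-based cleanup for a syslog server's firewall log directory.
# Hypothetical cron entry (script path and log directory are assumptions):
#   15 3 * * * LOG_DIR=/var/log/pix /usr/local/sbin/prune-fw-logs.sh

RETAIN_DAYS=90   # "up to three months", as in the post

# prune_fw_logs DIR [DAYS] [dry-run]
# Prints each file it removes (or, with dry-run, would remove).
# Returns 2 on a rejected argument.
prune_fw_logs() {
    dir=$1
    days=${2:-$RETAIN_DAYS}
    mode=${3:-delete}

    # Refuse values that would turn a typo or an unset variable into a wide delete.
    case $dir in
        ''|/|.|..) echo "prune_fw_logs: refusing directory '$dir'" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "prune_fw_logs: $dir is not a directory" >&2; return 2; }
    case $days in
        ''|*[!0-9]*) echo "prune_fw_logs: bad day count '$days'" >&2; return 2 ;;
    esac

    # -xdev    stay on the log filesystem
    # -type f  regular files only, so symlinks and directories are never removed
    # -mtime   file age in whole days exceeds $days
    if [ "$mode" = dry-run ]; then
        find "$dir" -xdev -type f -name '*.log*' -mtime +"$days" -print
    else
        find "$dir" -xdev -type f -name '*.log*' -mtime +"$days" -print \
            -exec rm -f -- {} +
    fi
}

# Run only when cron (or the operator) supplies LOG_DIR; otherwise do nothing.
if [ -n "${LOG_DIR:-}" ]; then
    prune_fw_logs "$LOG_DIR"
fi
```

Running it with `dry-run` first shows exactly which files a given retention period would remove before the cron job is enabled.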