Security Basics mailing list archives
Event log storage regulations/requirements from firewalls?
From: Ravi Malghan <rmalghan () yahoo com>
Date: Thu, 26 Oct 2006 10:55:39 -0700 (PDT)
Hello Security experts:

I have configured a number of firewalls to send their logs to a central SEMS (security event management system). The data is stored in an Oracle database. A requirement I have to meet is storing the raw events in a log file on a daily basis and making it available to manager/legal if necessary.

There are some firewalls which have been configured to send anything and everything. So a simple query to the database requesting all events for the previous day takes a long time (up to 50 minutes). I saw this query returning about 3079853 records. We do not have a requirement definition that explains what needs to be logged.

So my questions are the following:

1. Are there any regulations that outline what specifically should be logged and what can be ignored from firewalls? I am assuming there are different specifications for federal and commercial environments.
2. If any security admins in this group have been able to define this, could you please share some high level info? Like what type of events should be stored, what can be ignored, how many days have you stored them for, etc.?

Thanks,
Ravi