Educause Security Discussion mailing list archives
Security Log Retention Policy Suggestions
From: Zepu Chen <zepu.chen () DENISON EDU>
Date: Thu, 16 Jan 2020 15:15:29 -0500
Good Afternoon,

As we are maturing our current security policy and guidelines here at Denison, we ran into a discussion of determining the proper retention policy for all the security logs (i.e. firewall logs, NATing logs, LDAP logs...). Depending on the general practice, we may want to separate the security log retention policy from the general data retention policy.

What are you using as a retention guideline for those types of logs? 1 year, 2 years, forever? Has anyone come across a situation where the incident investigation requires logs from 1 or 2 years ago?

Any recommendations and suggestions are welcome!

Thanks,

Zepu Chen
Systems & Security Administrator
Information Technology Services
Office: 740-587-5307
zepu.chen () denison edu