Log Management Policy and Procedures

["Bob Dienhart" <bob () alt-tab cc>]

(Note: cross posted to both LogAnalysis and SecurityBasics forums) 

We are working up to implementing a centralized log management system.
The NIST paper "Guide to Computer Security Log Management" (800-92)
discusses the need for a Log Management Policy and related procedures.
Does anyone in the community have a Log Management policy and perhaps
even a set of procedures that I could use as a jump start for drafting
something suitable for this organization? 

We are part of a City government with about 400 desktops, 30 servers,
and a small IT staff. 

I have looked for sample policies on the web but have not found anything
to date. I will continue looking but if you know of any useful links,
those would be helpful, too.

The email address for sending a policy I can plagiarize a bit is:

b o b d "at" h a c m . o r g.

Thanks.

BobD

MCSE, GSEC


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------