Re: Retention of NAT translations and Connections

[Nathaniel Hall <educause-lists () NATHANIELHALL COM>]

IMHO, I would say it would be acceptable to keep the current semester
logs plus the previous semesters.  Since most packages will use a
rotation specified in weeks, I would probably say about 30 weeks of
active logs.  You should also keep in mind that you can keep X number of
weeks active and the remaining weeks archived on tape.  That will help
you maintain disk space while keeping the logs available for needed
situations.

It is also important to consult with the schools legal council.  They
may request a minimum or maximum of 30, 60, 90 days or more.

--
I am many things, but I am not a lawyer, accountant, or agent of the federal, state, or local government.

Nathaniel Hall


On 1/5/2012 4:12 PM, HOGGATT, ANDY F. wrote:
> Greetings all,
>
>  
>
> We have been reviewing our current process for logging Internet use of
> students/faculty/staff.  One aspect we've been debating is how long to
> store the firewall logs for Internet use of our users.  This includes
> building and teardown of connections, as well as NAT translation
> records.  Our perimeter firewall generates a copious amount of logs
> per day and we are trying to determine how long "long enough" is.
>
>  
>
> Would anyone be willing to share their input as to how long they store
> this type of information.  Any and all input is greatly appreciated.
>
>  
>
> Thank You,
>
>  
>
> Andy Hoggatt
>
> Ozarks Technical Community College
>
> Network Security Systems Administrator
>
> hoggatta () otc edu <mailto:hoggatta () otc edu>
>
> 417.447.7535
>
>