Educause Security Discussion mailing list archives
Re: Retention of NAT translations and Connections
From: Dave Koontz <dkoontz () MBC EDU>
Date: Thu, 5 Jan 2012 20:08:35 -0500
To me, "acceptable" is the lowest common denominator, not ideal. I think you should first define a policy on the purpose of keeping such log information, and publish it in your AUP. Is it for monitoring users, or is it for troubleshooting problems or issues? I suspect most of us fall into the latter, and for that purpose 30 days should be more than adequate.

You also should consider a policy of what, if anything, you do with that log information you collect and hold for whatever time you determine. My personal thought is that the more user information you log and store, the more responsibility IT has should an issue arise. After all, "it was in your logs, why didn't you catch it and do something about it?"

Just my two cents... And I concur if you have any questions, work with your legal team.

---
Dave Koontz
Mary Baldwin College

On 1/5/2012 6:08 PM, Nathaniel Hall wrote:
IMHO, I would say it would be acceptable to keep the current semester logs plus the previous semesters. Since most packages will use a rotation specified in weeks, I would probably say about 30 weeks of active logs. You should also keep in mind that you can keep X number of weeks active and the remaining weeks archived on tape. That will help you maintain disk space while keeping the logs available for needed situations.

It is also important to consult with the school's legal counsel. They may request a minimum or maximum of 30, 60, 90 days or more.

--
I am many things, but I am not a lawyer, accountant, or agent of the federal, state, or local government.
Nathaniel Hall

On 1/5/2012 4:12 PM, HOGGATT, ANDY F. wrote:

Greetings all,

We have been reviewing our current process for logging Internet use of students/faculty/staff. One aspect we've been debating is how long to store the firewall logs for Internet use of our users. This includes building and teardown of connections, as well as NAT translation records. Our perimeter firewall generates a copious amount of logs per day and we are trying to determine how long "long enough" is.

Would anyone be willing to share their input as to how long they store this type of information. Any and all input is greatly appreciated.

Thank You,
Andy Hoggatt
Ozarks Technical Community College
Network Security Systems Administrator
hoggatta () otc edu
417.447.7535