Educause Security Discussion mailing list archives

Re: Retention of NAT translations and Connections


From: "Drews, Jane E" <jane-drews () UIOWA EDU>
Date: Fri, 6 Jan 2012 14:12:59 +0000

Andy,
A group of security officers in Iowa developed a guideline a few years ago to assist with log retention decision making 
for three general categories of logs. We suggest minimum retention of 30 days for NAT logs, with maximum retention of 
one year.  See http://itsecurity.uiowa.edu/bestprac/borlogguide.shtml for the full guideline.  I would echo that 
keeping logs no longer than for what their intended purpose is, is a best practice.

Jane Drews
University of Iowa


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of HOGGATT, 
ANDY F.
Sent: Thursday, January 05, 2012 4:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Retention of NAT translations and Connections

Greetings all,

We have been reviewing our current process for logging Internet use of students/faculty/staff.  One aspect we've been 
debating is how long to store the firewall logs for Internet use of our users.  This includes building and teardown of 
connections, as well as NAT translation records.  Our perimeter firewall generates a copious amount of logs per day and 
we are trying to determine how long "long enough" is.

Would anyone be willing to share their input as to how long they store this type of information?  Any and all input is 
greatly appreciated.

Thank You,

Andy Hoggatt
Ozarks Technical Community College
Network Security Systems Administrator
hoggatta () otc edu
417.447.7535

