Educause Security Discussion mailing list archives

Re: Retention of NAT translations and Connections

From: leo song <song () UOGUELPH CA>
Date: Fri, 6 Jan 2012 10:15:52 -0500

We are in the process of migrating wireless networks from NAT to PAT,
it's hard to estimate how big the daily PAT log will be. 

But keeping one semester's log seems minimum to me. Indeed, we haven't
received any request (so far) of tracking down a specific "incident"
across semesters. 

On Thu, 2012-01-05 at 17:08 -0600, Nathaniel Hall wrote:

IMHO, I would say it would be acceptable to keep the current semester
logs plus the previous semesters.  Since most packages will use a
rotation specified in weeks, I would probably say about 30 weeks of
active logs.  You should also keep in mind that you can keep X number
of weeks active and the remaining weeks archived on tape.  That will
help you maintain disk space while keeping the logs available for
needed situations.

It is also important to consult with the schools legal council.  They
may request a minimum or maximum of 30, 60, 90 days or more.

--
I am many things, but I am not a lawyer, accountant, or agent of the federal, state, or local government.

Nathaniel Hall


On 1/5/2012 4:12 PM, HOGGATT, ANDY F. wrote:

Greetings all,

 

We have been reviewing our current process for logging Internet use
of students/faculty/staff.  One aspect we’ve been debating is how
long to store the firewall logs for Internet use of our users.  This
includes building and teardown of connections, as well as NAT
translation records.  Our perimeter firewall generates a copious
amount of logs per day and we are trying to determine how long “long
enough” is.

 

Would anyone be willing to share their input as to how long they
store this type of information.  Any and all input is greatly
appreciated.

 

Thank You,

 

Andy Hoggatt

Ozarks Technical Community College

Network Security Systems Administrator

hoggatta () otc edu

417.447.7535


-- 
Leo Song, Senior Analyst & Cluster Lead
Computing and Communication Services - Networking and Security
University of Guelph
(519) 824-4120 x 53181

Current thread:

Retention of NAT translations and Connections HOGGATT, ANDY F. (Jan 05)
- Re: Retention of NAT translations and Connections Nathaniel Hall (Jan 05)
  - Re: Retention of NAT translations and Connections Dave Koontz (Jan 05)
    - Re: Retention of NAT translations and Connections Mike Iglesias (Jan 05)
    - Re: Retention of NAT translations and Connections Valdis Kletnieks (Jan 05)
  - Re: Retention of NAT translations and Connections leo song (Jan 06)
- Re: Retention of NAT translations and Connections Drews, Jane E (Jan 06)
  - Re: Retention of NAT translations and Connections John Ladwig (Jan 06)
    - Re: Retention of NAT translations and Connections Kalal, Robert (Bob) (Jan 06)
    - Re: Retention of NAT translations and Connections HOGGATT, ANDY F. (Jan 10)