Educause Security Discussion mailing list archives

Security Log Retention Policy Suggestions


From: Zepu Chen <zepu.chen () DENISON EDU>
Date: Thu, 16 Jan 2020 15:15:29 -0500

Good Afternoon,

As we are maturing our current security policy and guidelines here at
Denison, we ran into a discussion of determining the proper retention
policy for all the security logs (i.e. firewall logs, NATing logs, LDAP
logs...). Depending on the general practice, we may want to separate the
security log retention policy from the general data retention policy. What
are you using as a retention guideline for those types of logs? 1 year, 2
years, forever? Has anyone come across a situation where the incident
investigation requires logs from 1 or 2 years ago? Any recommendations and
suggestions are welcome!

Thanks,

*Zepu Chen*
*Systems & Security Administrator*
Information Technology Services

Office: 740-587-5307
zepu.chen () denison edu
