Firewall logging
GT-Rob
Hey guys, having a discussion at work and wanted to get feedback from others out there.
How long do you keep/archive things like firewall logs? Right now we keep them until they are full and purge them as needed, which usually gives us about 4-6 months' worth. We are increasing the capacity by quite a bit soon, and recommended we archive a year's worth (there is more than enough room on the logging server now). This was shot down, and the powers that be say there is no need for anything older than a month.
What is the general practice out there? We are not a financial institution, but I am going to go with the idea that it shouldn't matter the industry.
In the case where space is no issue, how long do you keep logs for?
Comments
Ahriakin
I'd say a 30-day minimum for raw logs, but if you don't already use one then look at also logging to an SIEM with longer retention for correlated possible offenses. E.g. hold intelligently identified higher priority data for up to a year. I think there is a need for longer retention, but be smart about it (and a good SIEM does a lot of that work for you (as well as being more proactive too)).