LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Sender:	Records Management Program <[log in to unmask]>
Date:	Wed, 4 Apr 2007 09:31:46 -0600
Reply-To:	[log in to unmask]
Content-Transfer-Encoding:	7bit
Subject:	Re: Firewall Logs
From:	Jesse Wilkins <[log in to unmask]>
Content-Type:	text/plain; charset="us-ascii"
In-Reply-To:	<[log in to unmask]>
Organization:	IMERGE Consulting
MIME-Version:	1.0
Parts/Attachments:	text/plain (65 lines)

Hi Robert,

I am not aware of any specific state/federal laws regarding retention of
this, though of course there may be some. But I'd definitely consider them
to be a record with business value. How long to keep them? Off the cuff,
depends on the particular log. For example, for system configuration logs,
I'd think a fairly short period of time would suffice - say, 1-2 years. Much
longer than that and the system will be approaching replacement. Another
option would be to keep the config log until the system is replaced or
migrated to newer hardware or significant software upgrade, e.g. FileNet
Panagon to FileNet P8. For other logs, such as audit trails from
records/document repositories, I'd keep them longer, up to as long as the
longest non-permanent retention period on the log. 

A related challenge is that many systems will not ingest logs and audit
trails - that is, if you have an old log for a certain firewall product, the
new product will most likely not be able to prepend that audit trail into
its current one. So here you'd need to declare the log as a record itself
and put it under retention. Not the best option in my opinion but the only
realistic one today (assuming you want/need to save it in the first place,
which is the premise).  

Cheers, 

Jesse Wilkins
CDIA+, edp, LIT, ICP, ermm, ecmm
J Wilkins & Associates
[log in to unmask]
blog: http://informata.blogspot.com
(303) 574-1455 office
(303) 484-4142 fax

-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf
Of Thys, Robert
Sent: Wednesday, April 04, 2007 8:58 AM
To: [log in to unmask]
Subject: Firewall Logs

What federal or state laws or any regulations or recommendations are
there for the retention of firewall logs and other such log data? What
length of time do other companies retain these records if no such laws
exist? Is the decision to maintain these records based on a company's
need for them? Thank you in advance for any help you can provide me.  
 
Robert Thys
MITRE Corporation
202 Burlington Rd.
Mail Stop D460
Bedford, MA 01730-1420
(781)271-2497
(781)271-3877 Fax
 


 

 

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2

LISTSERV.IGGURU.US