Q

Snort Log retention

Best practices for retention of snort logs may hinge on external requirements like Sarbanes-Oxley. Learn when it's OK to delete logs and when to hang on to them.

Is there any reason I should keep year-old snort log files? Only techs access the system and I need the space.
Is there a reason to keep year-old Snort logs? Well maybe. Most log retention decisions are based on one of the following factors:
  • policy
  • regulation
  • audit
  • capacity

    If your organization has a log retention policy, then the duration of retention should be documented. If your organization comes under the auspices of some regulatory body or document - Sarbanes-Oxley, for example - then this may mandate a retention period for certain types of transactions. If the log data isn't covered by either of these and you don't need it for any other purpose - like later investigation or audit - then I see no reason why it cannot be deleted.

This was last published in April 2008

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

SearchServerVirtualization

SearchCloudComputing

SearchEnterpriseDesktop

Close