Snort Log retention
Is there any reason I should keep year-old snort log files? Only techs access the system and I need the space.

Is there a reason to keep year-old Snort logs? Well, maybe. Most log retention decisions are based on one of the following factors:
  • policy
  • regulation
  • audit
  • capacity

If your organization has a log retention policy, then the duration of retention should be documented. If your organization comes under the auspices of some regulatory body or document - Sarbanes-Oxley, for example - then this may mandate a retention period for certain types of transactions. If the log data isn't covered by either of these and you don't need it for any other purpose - like later investigation or audit - then I see no reason why it cannot be deleted.

This was first published in April 2008