Best practice for logging

Jun 26th, 2010

Hi All,


I would like to know if there is any best practice document for Firewall logging. This would include


1. What level of logging is ideal

2. If a log is stored in a logging server, how long is it best to store the logs and retain the logs by a backup tape etc.


This can include for various industries like IT, Banking etc.


Any document pertaining to these would be helpful. Thanks in advance.


Regards,

Manoj

Overall Rating: 2 (2 ratings)
Ganesh Hariharan Sun, 06/27/2010 - 22:53

Manoj,


Check out the below link for best practice for logging and prerequisite in Cisco devices.


http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#logbest

http://www.ciscopartner.biz/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1110908


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

Panos Kampanakis Wed, 07/07/2010 - 10:51
User Badges:
  • Cisco Employee,

1. Level 3, 4 (error, warnings) is the ideal. Levels 5-7 (notification, informational, debug) generate more logs and should be used in case you want to troubleshoot.

2. You should keep as long as possible depending on your policies. Most companies keep the logs for about 6-12 months, but it really depends on the company. If your log load is not too much you can keep them for even more.


I hope it helps.


PK

dvithoulkas Thu, 07/15/2010 - 03:25

For a firewall it is better to have informational if you have a solution like MARS.

For the logging retention it depends on the country laws and the company policies.

I think 6 months is the least you should have.
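
Added example, not part of any post in this thread: a short Python script that compares what reaches the log server at level 4 (warnings) versus level 6 (informational), and extrapolates the storage a 6-month retention would need. The sample lines are constructed, and the 5-second sample window and constant message rate are assumptions.

```python
import re
from collections import Counter

# Cisco ASA messages carry their severity in the tag: %ASA-<severity>-<message id>
ASA_TAG = re.compile(r"%ASA-([0-7])-(\d{6}):")
NAMES = {4: "warnings", 6: "informational"}

# Constructed sample lines using documentation addresses, not from a real device.
SAMPLE = """\
Jul 07 2010 10:51:01: %ASA-6-302013: Built outbound TCP connection 101 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:192.0.2.10/51000 (198.51.100.1/51000)
Jul 07 2010 10:51:02: %ASA-6-302014: Teardown TCP connection 101 for outside:203.0.113.5/443 to inside:192.0.2.10/51000 duration 0:00:01 bytes 4312 TCP FINs
Jul 07 2010 10:51:03: %ASA-4-106023: Deny tcp src outside:203.0.113.9/40000 dst inside:192.0.2.10/23 by access-group "outside_in"
Jul 07 2010 10:51:04: %ASA-5-111008: User 'enable_15' executed the 'configure terminal' command.
Jul 07 2010 10:51:05: %ASA-3-313001: Denied ICMP type=8, code=0 from 203.0.113.9 on interface outside
"""

def parse(text):
    """Return (severity, message_id, line_bytes) for every ASA-tagged line."""
    records = []
    for line in text.splitlines():
        m = ASA_TAG.search(line)
        if m:
            records.append((int(m.group(1)), m.group(2), len(line) + 1))
    return records

def compare(text, sample_seconds=5, months=6):
    """For logging levels 4 and 6, report what reaches the log server.

    A device set to level N sends severities 0..N. Storage is extrapolated
    from the sample window to `months` 30-day months (assumed constant rate).
    """
    records = parse(text)
    window = months * 30 * 86400
    report = {}
    for level in (4, 6):
        kept = [r for r in records if r[0] <= level]
        report[level] = {
            "kept": len(kept),
            "dropped_ids": dict(Counter(r[1] for r in records if r[0] > level)),
            "bytes": sum(r[2] for r in kept) * window // sample_seconds,
        }
    return report

if __name__ == "__main__":
    for level, row in compare(SAMPLE).items():
        print(f"level {level} ({NAMES[level]}): {row}")
```

At level 4 the denies (106023, 313001) are kept, but the connection build/teardown records (302013, 302014) and the command audit record (111008) never reach the server, which is the visibility a correlation tool depends on.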
