Best practice for logging

manoj-wadhwa
Level 1

Hi All,

I would like to know if there is any best practice document for Firewall logging. This would include

1. What level of logging is ideal

2. If a log is stored in a logging server, how long is it best to store the logs and retain the logs by a backup tape etc.

This can include for various industries like IT, Banking etc.

Any document pertaining to these would be helpful. Thanks in advance.

Regards,

Manoj

3 Replies

Ganesh Hariharan
VIP Alumni

Manoj,

Check out the links below for best practices for logging and prerequisites in Cisco devices.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#logbest

http://www.ciscopartner.biz/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1110908

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Panos Kampanakis
Cisco Employee

1. Level 3, 4 (error, warnings) is the ideal. Levels 5-7 (notification, informational, debug) generate more logs and should be used in case you want to troubleshoot.

2. You should keep them as long as possible depending on your policies. Most companies keep the logs for about 6-12 months, but it really depends on the company. If your log load is not too much you can keep them for even longer.

I hope it helps.

PK

dvithoulkas
Level 1

For a firewall it is better to have informational if you have a solution like MARS.

For the logging retention it depends on the country laws and the company policies.

I think 6 months is the least you should have.
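
The trade-off discussed in the replies above (logging level versus log volume and retention), as an added example that is not part of the thread or of Cisco's documentation: a Python sketch that reads the severity digit from the `%ASA-<severity>-<id>` tag of each syslog line, shows what a server would receive at a given logging level, and extrapolates storage for a retention period. The sample lines, the hostname `fw1`, the six-second sample window and the 180-day period are constructed for illustration.

```python
import re
from collections import Counter

# Cisco syslog severity names, index 0 (most severe) to 7 (least severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# The %ASA-<severity>-<message id> tag carried by each ASA syslog message.
ASA_TAG = re.compile(r"%ASA-([0-7])-(\d{6})")

# Constructed sample covering six seconds; addresses are documentation ranges.
SAMPLE_LINES = [
    "Mar 01 10:00:01 fw1 %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/443 to inside:192.0.2.15/51514",
    "Mar 01 10:00:02 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.9/40211 dst inside:192.0.2.20/23 by access-group \"outside_in\"",
    "Mar 01 10:00:03 fw1 %ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/443 to inside:192.0.2.15/51514",
    "Mar 01 10:00:04 fw1 %ASA-5-111008: User 'admin' executed the 'show logging' command.",
    "Mar 01 10:00:05 fw1 %ASA-3-313001: Denied ICMP type=8, code=0 from 198.51.100.9 on interface outside",
    "Mar 01 10:00:06 fw1 %ASA-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.8/443 to inside:192.0.2.16/51999",
]

def severity_of(line):
    """Return the severity digit of an ASA syslog line, or None if untagged."""
    m = ASA_TAG.search(line)
    return int(m.group(1)) if m else None

def severity_counts(lines):
    """Count tagged lines per severity."""
    return Counter(s for s in map(severity_of, lines) if s is not None)

def kept_at(lines, level):
    """Lines a syslog server receives at logging level `level` (severity <= level)."""
    return [l for l in lines if (s := severity_of(l)) is not None and s <= level]

def retention_bytes(lines, level, sample_seconds, days):
    """Extrapolate stored bytes for `days` of retention from a timed sample."""
    sample_size = sum(len(l.encode()) + 1 for l in kept_at(lines, level))
    return sample_size * 86400 * days // sample_seconds

if __name__ == "__main__":
    for level in (4, 6):
        kept = kept_at(SAMPLE_LINES, level)
        est = retention_bytes(SAMPLE_LINES, level, 6, 180)
        print(f"level {level} ({SEVERITIES[level]}): {len(kept)}/{len(SAMPLE_LINES)} "
              f"lines, ~{est / 1e6:.1f} MB per 180 days")
```

Running the same tally over an hour of real traffic at the informational level gives a measured basis for choosing between the levels and retention periods suggested in the replies.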
