06-26-2010 10:14 PM - edited 02-21-2020 04:00 AM
Hi All,
I would like to know if there is any best practice document for Firewall logging. This would include
1. What level of logging is ideal
2. If a log is stored in a logging server, how long is it best to store the logs and retain the logs by a backup tape etc.
This can include for various industries like IT, Banking etc.
Any document pertaining to these would be helpful. Thanks in advance.
Regards,
Manoj
06-27-2010 10:53 PM
Manoj,
Check out the below link for best practice for logging and prerequisites in Cisco devices.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#logbest
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
07-07-2010 10:51 AM
1. Level 3, 4 (error, warnings) is the ideal. Levels 5-7 (notification, informational, debug) generate more logs and should be used in case you want to troubleshoot.
2. You should keep as long as possible depending on your policies. Most companies keep the logs for about 6-12 months, but it really depends on the company. If your log load is not too much you can keep them for even more.
I hope it helps.
PK
07-15-2010 03:25 AM
For a firewall it is better to have informational if you have a solution like MARS.
For the logging retention it depends on the country laws and the company policies.
I think 6 months is the least you should have.
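An added example, not from any of the posts above: it tallies a syslog export by severity to show what each of the logging levels discussed in the replies would keep and what it would leave out. It assumes Cisco ASA-style `%ASA-<severity>-<id>` message tags; the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Standard syslog severity names, index = severity number (0 is most severe).
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# Assumption: ASA-style tag, %ASA-<severity>-<six-digit message id>.
TAG = re.compile(r"%ASA-([0-7])-\d{6}")

# Constructed sample lines, not taken from a real device.
SAMPLE = """\
Jul 07 2010 10:51:01: %ASA-6-302013: Built outbound TCP connection 101 for outside:192.0.2.10/443 to inside:10.0.0.5/51515
Jul 07 2010 10:51:02: %ASA-6-302014: Teardown TCP connection 101 for outside:192.0.2.10/443 to inside:10.0.0.5/51515
Jul 07 2010 10:51:03: %ASA-4-106023: Deny tcp src outside:198.51.100.7/4021 dst inside:10.0.0.5/23 by access-group "outside_in"
Jul 07 2010 10:51:04: %ASA-4-106023: Deny tcp src outside:198.51.100.7/4022 dst inside:10.0.0.5/445 by access-group "outside_in"
Jul 07 2010 10:51:05: %ASA-3-313001: Denied ICMP type=8, code=0 from 198.51.100.7 on interface outside
Jul 07 2010 10:51:06: %ASA-5-111008: User 'admin' executed the 'configure terminal' command.
Jul 07 2010 10:51:07: %ASA-6-302013: Built inbound TCP connection 102 for outside:192.0.2.44/50100 to inside:10.0.0.8/443
Jul 07 2010 10:51:08: %ASA-6-302014: Teardown TCP connection 102 for outside:192.0.2.44/50100 to inside:10.0.0.8/443
Jul 07 2010 10:51:09: last message repeated 2 times
"""

def severity_counts(text):
    """Count messages per severity; lines without a tag are ignored."""
    return Counter(int(m.group(1)) for m in TAG.finditer(text))

def kept_at_level(counts, level):
    """A logging level of N emits every message with severity 0..N."""
    return sum(n for sev, n in counts.items() if sev <= level)

def report(text):
    """Rows of (level, name, kept, not_logged) for levels 3 through 7."""
    counts = severity_counts(text)
    total = sum(counts.values())
    return [(lvl, SEVERITY[lvl], kept_at_level(counts, lvl),
             total - kept_at_level(counts, lvl)) for lvl in range(3, 8)]

if __name__ == "__main__":
    for level, name, kept, dropped in report(SAMPLE):
        print(f"level {level} ({name:13}): kept {kept}, not logged {dropped}")
```

Run against a day of real traffic, the same tally gives the per-level message volume needed to size storage for the chosen retention period.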