Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Best practice for logging

Hi All,

I would like to know if there is any best practice document for Firewall logging. This would include

1. What level of logging is ideal

2. If a log is stored in a logging server, how long is it best to store the logs and retain the logs by a backup tape etc.

This can include for various industries like IT, Banking etc.

Any document pertaining to these would be helpful. Thanks in advance.

Regards,

Manoj

3 REPLIES

Re: Best practice for logging

Hi All,

I would like to know if there is any best practice document for Firewall logging. This would include

1. What level of logging is ideal

2. If a log is stored in a logging server, how long is it best to store the logs and retain the logs by a backup tape etc.

This can include for various industries like IT, Banking etc.

Any document pertaining to these would be helpful. Thanks in advance.

Regards,

Manoj

Manoj,

Check out the below link for best practice for logging and prerequiste in cisco devices.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#logbest

http://www.ciscopartner.biz/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1110908

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Cisco Employee

Re: Best practice for logging

1. Level 3, 4(error, warnings) is the ideal. Levels 5-7 (notification, informational, debug) generate more logs and should be used in case you want to troubleshoot.

2. You should keep as long as possible depending on your policies. Most companies keep the logs for about 6-12 monhts, but it really depends on the company. If your log load is not too much you can keep them for even more.

I hope it helps.

PK

New Member

Re: Best practice for logging

For a firewall it is better to have informational if you have a solution like MARS.

For the logging retention it depends on the country laws and the company policies.

I think 6 months is the least you should have.

1817
Views
4
Helpful
3
Replies