Monday, April 02, 2007

Top 11 Reasons to Collect and Preserve Computer Logs

I've been wanting to create those for a loooooong time and finally - here they are (you can guess I've been on a long flight :-)). Some are admittedly tongue-in-cheek, but useful nonetheless. So, enjoy Anton's "Top 11 Reasons to Collect and Preserve Computer Logs", presented in no particular order:

  1. Before anything else, do you deal with credit cards? Patient info? Are you a government org under FISMA? A financial org? You have to keep 'em - stop reading further.
  2. What if there is a law or a regulation that requires you to retain logs - and you don't know about it yet? Does the word "compliance" ring a bell?
  3. An auditor comes and asks for logs. Do you want to respond "Eh, what do you mean?"?
  4. A system starts crashing and keeps doing so. Where is the answer? Oops, it was in the logs - you just didn't retain them ...
  5. Somebody posts a piece of your future quarterly report online. Did John Smith do it? How? If not him, who did? Let's see who touched this document - got logs?
  6. Malware is rampant on your network. Where did it come from? Who spreads it? Just check the logs - but only if you have them saved.
  7. Your boss comes and says 'I emailed you this and you ignored it!!' - 'No, you didn't!!!' Who is right? Only email logs can tell!
  8. Network is slow; somebody is hogging the bandwidth. Let's catch the bastard! Is your firewall logging? Keep the info at least until you can investigate.
  9. Somebody added a table to your database. Maybe he did something else too - no change control forms were filed. Got database log management? How else would you know?
  10. Disk space is cheap; tape is cheaper still. Save a log! Got SAN or NAS? Save a few of them!
  11. If you plan to throw away a log record, think - are you 100% sure you won't need it, ever? Exactly! :-) Keep it.

Have more? Feel free to suggest your own reasons below!

Coming soon: "Top 11 Reasons to Look at Your Logs"


Dr Anton Chuvakin