I've been wanting to create those for a loooooong time and finally - here they are (you can guess I've been on a long flight :-)). Some are admittedly tongue-in-cheek, but useful nonetheless. So, enjoy Anton's "Top 11 Reasons to Collect and Preserve Computer Logs", presented in no particular order:
- Before anything else, do you deal with credit cards? Patient info? Are you a government org under FISMA? A financial org? You have to keep'em - stop reading further.
- What if there is a law or a regulation that requires you to retain logs - and you don't know about it yet? Does the world "compliance" ring a bell?
- An auditor comes and asks for logs. Do you want to respond "Eh, what do you mean?"?
- A system starts crashing and keeps doing so. Where is the answer? Oops, it was in the logs - you just didn't retain them ...
- Somebody posts a piece of your future quarterly report online. Did John Smith did it? How? If not him, who did? Let's see who touched this document, got logs?
- A malware is rampant on your network. Where it came from? Who spreads it? Just check the logs - but only if you have them saved.
- Your boss comes and says 'I emailed you this and you ignored it!!' - 'No, you didn't!!!' Who is right? Only email logs can tell!
- Network is slow; somebody is hogging the bandwidth. Let's catch the bastard! Is your firewall logging? Keep the info at least until you can investigate.
- Somebody added a table to your database. Maybe he did something else too - no change control forms were filed. Got database log management? How else would you know?
- Disk space is cheap; tape is cheaper still. Save a log! Got SAN or NAS? Save a few of them!
- If you plan to throw away a log record, think - are you 100% sure you won't need it, ever? Exactly! :-) Keep it.
Have more? Feel free to suggest your own reasons below!
Coming soon: "Top 11 Reasons to Look at Your Logs"