 Snort Log Retention
Is there any reason I should keep year-old Snort log files? Only techs access the system and I need the space.

ASKED: April 14, 2008  3:46 PM
UPDATED: April 15, 2008  1:29 PM

Answer Wiki:
For all practical reasons, I can't see why you should keep them longer than a month (mostly, a month is too long, seeing how most DHCP leases are only good for a week, and it's usually hijacked DHCP clients who are attacking you). I'd recommend you back up the data just as far as a class C, so you can know who is attacking you generally (where they are attacking from, and when it has happened, generally [i.e., week by week breakdown of recurring class C attacks]). If you need help with that, I think I could throw together a quick script that you would run in a cron.
Last Wiki Answer Submitted:  April 15, 2008  1:29 pm  by  Jonsjava   225 pts.
All Answer Wiki Contributors:  Jonsjava   225 pts.
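
The week-by-week class C summary described in the answer, as an added example that is not part of the original answer or written by its author. It assumes IPv4 alerts in Snort's one-line "fast" alert format; the names `summarize`, `ALERT_RE` and `SAMPLE` are hypothetical, and the sample lines are constructed.

```python
import re
import sys
from collections import Counter
from datetime import date

# Snort "fast" alert line: MM/DD-HH:MM:SS.usec ... {PROTO} src[:port] -> dst[:port]
# The year appears (MM/DD/YY) only when Snort was run with -y.
ALERT_RE = re.compile(
    r"^(?P<mon>\d{2})/(?P<day>\d{2})(?:/(?P<yy>\d{2}))?-\d{2}:\d{2}:\d{2}\.\d+\s"
    r".*\{[^}]+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->"
)

# Constructed sample input (documentation address ranges), not real alerts.
SAMPLE = """\
04/07-03:12:44.101010  [**] [1:1000001:1] CONSTRUCTED sample [**] [Priority: 2] {TCP} 203.0.113.5:4431 -> 192.0.2.10:22
04/09-11:02:10.000001  [**] [1:1000001:1] CONSTRUCTED sample [**] [Priority: 2] {TCP} 203.0.113.77:5120 -> 192.0.2.10:22
04/14-15:46:01.500000  [**] [1:1000002:1] CONSTRUCTED sample [**] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10
04/15-01:29:00.250000  [**] [1:1000001:1] CONSTRUCTED sample [**] [Priority: 2] {TCP} 203.0.113.5:4500 -> 192.0.2.10:22
this line is not an alert
"""

def summarize(lines, default_year):
    """Return (Counter keyed by (ISO year, ISO week, source /24), skipped count)."""
    counts, skipped = Counter(), 0
    for line in lines:
        m = ALERT_RE.match(line)
        if m is None:               # not an IPv4 fast-alert line
            skipped += 1
            continue
        # Logs written without -y carry no year, so the caller must supply one.
        year = 2000 + int(m["yy"]) if m["yy"] else default_year
        try:
            iso = date(year, int(m["mon"]), int(m["day"])).isocalendar()
        except ValueError:          # impossible date such as 02/30
            skipped += 1
            continue
        net = ".".join(m["src"].split(".")[:3]) + ".0/24"
        counts[(iso[0], iso[1], net)] += 1
    return counts, skipped

if __name__ == "__main__":
    # Usage: script.py YEAR [alert files...]; with no files it runs on SAMPLE.
    year = int(sys.argv[1]) if len(sys.argv) > 1 else 2008
    lines = SAMPLE.splitlines()
    if len(sys.argv) > 2:
        lines = (l for p in sys.argv[2:] for l in open(p, errors="replace"))
    counts, skipped = summarize(lines, year)
    for (y, w, net), n in sorted(counts.items()):
        print(f"{y}-W{w:02d}  {net:<18} {n}")
    print(f"skipped {skipped} unparsed line(s)", file=sys.stderr)
```

Run from cron with the year the log covers, keep the printed summary, and check the skipped count before deleting the raw file: a high count means the log is not in the format this parser expects.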