Snort Log Retention

110 pts.
Tags:
Backup & recovery
Data Center
Data Management
Log retention
Snort/Sourcefire
Is there any reason I should keep year-old snort log files? Only techs access the system and I need the space.
ASKED: April 14, 2008  3:46 PM
UPDATED: April 15, 2008  1:29 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

For all practical reasons, I can’t see why you should keep them longer than a month (mostly, a month is too long, seeing how most DHCP leases are only good for a week, and it’s usually hijacked DHCP clients who are attacking you). I’d recommend you back up the data just as far as a class C, so you can know who is attacking you generally (where they are attacking from, and when it has happened, generally [ie, week by week breakdown of recurring class C attacks]). If you need help with that, I think I could throw together a quick script that you would run in a cron.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following