Question

  Asked: Apr 14 2008   3:46 PM GMT
  Asked by: Chunter


Snort Log Retention


Log retention, Backup & recovery, Data management, Data Center, Snort/Sourcefire

Is there any reason I should keep year-old snort log files? Only techs access the system and I need the space.


Answer Wiki




For all practical reasons, I can't see why you should keep them longer than a month (mostly, a month is too long, seeing how most DHCP leases are only good for a week, and it's usually hijacked DHCP clients who are attacking you). I'd recommend you back up the data just as far as a class C, so you can know who is attacking you generally (where they are attacking from, and when it has happened, generally [i.e., week by week breakdown of recurring class C attacks]). If you need help with that, I think I could throw together a quick script that you would run in a cron.
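
One way to produce the week-by-week class C summary described in the answer, as an added example that is not the answerer's script. It assumes Snort's one-line "fast" alert format, and takes the year as a parameter on the assumption that the alert timestamps carry no year; the sample lines are constructed.

```python
import re
import sys
from collections import Counter
from datetime import datetime
from ipaddress import ip_network

# Assumed fast-alert layout:
# MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2})\.\d+\s+\[\*\*\].*?"
    r"\{\w+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->"
)

# Constructed sample lines using documentation address ranges, not real alerts.
SAMPLE = """\
04/08-03:12:44.101010  [**] [1:1000001:1] Constructed alert A [**] [Priority: 2] {TCP} 203.0.113.45:4431 -> 192.0.2.10:22
04/09-11:02:01.000001  [**] [1:1000001:1] Constructed alert A [**] [Priority: 2] {TCP} 203.0.113.200:5120 -> 192.0.2.10:22
04/14-15:46:00.500000  [**] [1:1000002:1] Constructed alert B [**] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10
04/15-08:30:10.250000  [**] [1:1000001:1] Constructed alert A [**] [Priority: 2] {TCP} 203.0.113.9:40000 -> 192.0.2.10:22
this line is not an alert
"""

def summarize(lines, year):
    """Count alerts per (ISO week, source /24); return (counts, skipped_lines)."""
    counts, skipped = Counter(), 0
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            skipped += 1
            continue
        try:
            when = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
            net = ip_network(m["src"] + "/24", strict=False)  # mask to class C size
        except ValueError:  # impossible date or octet > 255
            skipped += 1
            continue
        iso = when.isocalendar()
        counts[(f"{iso[0]}-W{iso[1]:02d}", str(net))] += 1
    return counts, skipped

def report(counts):
    """One line per (week, /24), busiest network first within each week."""
    rows = sorted(counts.items(), key=lambda kv: (kv[0][0], -kv[1], kv[0][1]))
    return [f"{week}  {net:<18} {n}" for (week, net), n in rows]

if __name__ == "__main__":
    # With a year argument, read alerts from stdin; otherwise run on the sample.
    src = sys.stdin if len(sys.argv) > 1 else SAMPLE.splitlines()
    counts, skipped = summarize(src, int(sys.argv[1]) if len(sys.argv) > 1 else 2008)
    print("\n".join(report(counts)))
    print(f"skipped {skipped} unparseable line(s)", file=sys.stderr)
```

Keep the summary output and check the skipped count before deleting the raw logs; a file that spans a year boundary needs to be split and summarized once per year.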