"Why are the log files to be saved?
We use ours for troubleshooting ... there's a problem, find out about it,
figure out what to do, fix the problem, it is history.
Thus, the issues become ... how long do we need to save them on-line GO CLEANUP
and reverse engineer what's causing them to be created in first place, so
as not to create any where we don't need so much."

Why are they to be saved? The QHST logs can be very useful in forensic
analysis where the information needed to piece something together may not be
in the QAUDJRN journal receivers. In these "big" companies, upper
management is often all about the ability to clearly explain root cause
information, even when an event is days or weeks old.
As far as what's causing them to be created in the first place? My question
was not grounded on dealing with space issues or anything like that. I'm a
FIRM proponent of logging as much as possible whenever and wherever
possible. Having been on the security side since 1995, I have been involved
in more than one situation where I had to tell management, "Gee, boss, I
can't answer that for you because we didn't log that information." I'd
rather have it and not need it, than need it and not have it.
PS - Thanks, Paul. I was looking for general trend answers like that!
Best regards,
Steven W. Martinson, CISA, CISM, CISSP
Security Consultant
Cypress, Texas