Top 11 Reasons to Collect and Preserve Computer Logs
I've been wanting to create those for a loooooong time and finally -
here they are (you can guess I've been on a long flight :-)). Some are
admittedly tongue-in-cheek, but useful nonetheless. So, enjoy
Anton's "Top 11 Reasons to Collect and Preserve Computer Logs",
presented in no particular order:
1. Before anything else, do you deal with credit cards? Patient info?
Are you a government org under FISMA? A financial org? You have to
keep 'em - stop reading further.
2. What if there is a law or a regulation that requires you to retain
logs - and you don't know about it yet? Does the word
"compliance" ring a bell?
3. An auditor comes and asks for logs. Do you want to respond "Eh,
what do you mean?"?
4. A system starts crashing and keeps doing so. Where is the answer?
Oops, it was in the logs - you just didn't retain them ...
5. Somebody posts a piece of your future quarterly report online. Did
John Smith do it? How? If not him, who did? Let's see who touched
this document. Got logs?
6. Malware is rampant on your network. Where did it come from? Who
is spreading it? Just check the logs - but only if you have them saved.
7. Your boss comes and says 'I emailed you this and you ignored it!!'
- 'No, you didn't!!!' Who is right? Only email logs can tell!
8. Network is slow; somebody is hogging the bandwidth. Let's catch
the bastard! Is your firewall logging? Keep the info at least
until you can investigate.
9. Somebody added a table to your database. Maybe he did something
else too - no change control forms were filed. Got database log
management? How else would you know?
10. Disk space is cheap; tape is cheaper still. Save a log! Got SAN or
NAS? Save a few of them!
11. If you plan to throw away a log record, think - are you 100% sure
you won't need it, ever? Exactly! :-) Keep it.
Have more? Feel free to suggest your own reasons below!
Coming soon: "Top 11 Reasons to Look at Your Logs"