Snort Log retention

Best practices for retention of Snort logs may hinge on external requirements like Sarbanes-Oxley. Learn when it's OK to delete logs and when to hang on to them.

Is there any reason I should keep year-old Snort log files? Only techs access the system and I need the space.

Is there a reason to keep year-old Snort logs? Well, maybe. Most log retention decisions are based on one of the following factors:
  • policy
  • regulation
  • audit
  • capacity

If your organization has a log retention policy, then the duration of retention should be documented. If your organization comes under the auspices of some regulatory body or document - Sarbanes-Oxley, for example - then this may mandate a retention period for certain types of transactions. If the log data isn't covered by either of these and you don't need it for any other purpose - like later investigation or audit - then I see no reason why it cannot be deleted.
