Log Retention and Compliance

By: SolarWinds


At some point, almost every organization needs to assess their ability to meet regulatory compliance guidelines. Having all network, systems, and security data in check for an audit can be a challenge for IT teams. This is primarily because most regulatory standards mandate the collection and storage of logs for compliance.

  • PCI DSS: Specifies the retention of audit trail history for at least one year, with a minimum of three months immediately available for analysis – meaning online, archived, or restorable from backup.
  • HIPAA: Applies to the healthcare industry. Logs should be retained for up to six years.
  • NERC: Affects electric power providers. Specifies log retention for six months and audit record retention for three years.
  • SOX: Pertains to U.S. corporations. Specifies retaining audit logs for up to seven years.

Given all the goings-on in an IT organization—infrastructure set up, monitoring, troubleshooting, security, inventory upkeep, dealing with vendors, etc.—it has become next to impossible to maintain log files for any length of time. Log maintenance isn’t as easy as it sounds. It involves the continuous process of archival and storage, review, and clean-up.

The volume of logs typically collected from network devices (routers, switches, and firewalls), servers, and workstations is very high. At times, you’re required to filter out the noise, not collect some logs, or collect only the important ones.

Besides the compliance angle, you want to store and maintain logs for security analysis. You can easily pull up historical logs for deeper investigation of security violations and breaches.

While SIEM is the best technology for log management, a syslog server helps simplify log collection, archival, and storage. The best part about a syslog server is that it can be used in conjunction with a SIEM solution to filter out unwanted syslog messages and send only the ones you want to monitor and store to SIEM.

By itself, a syslog server is a powerful technology for log retention, allowing you to compress and store logs as long as you need for compliance and an audit trail. You can also set up log deletion schedules to purge older log files. Automating log retention can help you save considerable time, allowing you to address more pressing IT issues.

Start Taking Steps Towards Better Security and Compliance

Kiwi Syslog® Server is a multi-purpose tool for IT admins, allowing them to collect, filter, alert, forward, react to, archive, and store logs. Whether you collect syslog messages, SNMP traps, or Windows® event log messages, Kiwi Syslog Server is a great utility to set up automated log storage and clean-up schedules. Don’t believe it? Give it a try!

 

 

 

Leave a Reply