
Log File Retention

I'm looking for some clarification concerning the log files used in Sophos ESDP (I have researched this a bit, but have so far come up nearly empty in my search attempts). Our environment is Enterprise Console 4.5 on 180 clients. The goal is to have the ability to immediately provide 3 months of "audit trails" of Sophos log generations for a security audit. Additionally, we would need to have the log files retained for at least a year. Storage space is not an issue; in my mind, the more logged information we can provide, the better.

On to my question on retention (a two-part question). The first part: is there a default amount of time a log is retained on the clients, or is this dictated by the amount of disk space devoted to the aforementioned log files? If there is a way to set the amount of time a log file is retained, how would one go about accomplishing this?

My second question concerns the possibility of having the log files pulled to a central syslog server. If this option is available, then the retention of the log files on the local machine is no longer relevant, as they would be stored on a syslog server where we could retain them for the required period of time.

Thank you in advance



  • "What are you trying to retain exactly?" - We just want to show that the clients are up to date and that any threat events are logged. I have parsed through the articles you have linked and we are now working with the database reporting function to pull the logged events we are looking for. We will then pull the reports we run from the EC database to a central syslogging server, as any system events (Windows events, AV logs, etc.) must be consolidated on a central server for this requirement to keep in compliance.


    I appreciate all your assistance on this matter and you have been more than helpful. Kudos and thank you Jak.

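One way to carry out the last step described in the post above, pulling threat events out of the EC database and shipping them to the central syslog server, as an added example (not Sophos code and not posted by anyone in this thread). In place of the real Enterprise Console database it uses an in-memory sqlite3 table with a hypothetical ThreatEvents schema and constructed sample rows; the table and column names, the host name "ec-server", the application name "SophosEC" and the structured-data ID (using 32473, the enterprise number RFC 5424 reserves for documentation) are all assumptions to be replaced with the real view and column names from the Enterprise Console database documentation. Each row becomes an RFC 5424 message with the event fields carried as structured data, so the collector can index them rather than parse free text.

```python
"""Forward threat events from an Enterprise Console style database to a
central syslog collector as RFC 5424 messages.

Added example, not Sophos code.  The ThreatEvents table, its column names,
the host name and the sample rows are constructed stand-ins: substitute the
real view and column names from the Enterprise Console database and open it
with a SQL Server driver (e.g. pyodbc) instead of the sqlite3 stand-in.
"""
import socket
import sqlite3
import sys
from datetime import datetime, timezone

FACILITY_LOCAL4 = 20            # syslog facility chosen for the AV feed (assumption)
SEV_WARNING, SEV_INFO = 4, 6    # RFC 5424 severity codes
SD_ID = "sophosThreat@32473"    # 32473 is the enterprise number RFC 5424 reserves for examples

# Constructed sample rows: (event time in UTC, computer, threat, path, action taken)
SAMPLE_ROWS = [
    ("2011-03-01 08:15:22", "WS-ACCT-017", "EICAR-AV-Test",
     r"C:\Users\jdoe\Downloads\eicar.com", "Cleaned up"),
    ("2011-03-01 09:02:05", "WS-HR-003", "Mal/Generic-L",
     r"C:\Temp\invoice.exe", "Quarantined"),
    ("2011-03-02 17:44:51", "SRV-FILE-01", "Troj/Agent-ABCD",
     r"D:\Shares\public\setup.exe", "Cleanup failed"),
]


def build_demo_db():
    """In-memory stand-in for the EC database with a hypothetical ThreatEvents table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ThreatEvents (EventTime TEXT, ComputerName TEXT, "
                 "ThreatName TEXT, FilePath TEXT, ActionTaken TEXT)")
    conn.executemany("INSERT INTO ThreatEvents VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def fetch_threat_events(conn, since):
    """Return events at or after `since` ('YYYY-MM-DD HH:MM:SS'), oldest first.

    ISO-ordered timestamp strings sort correctly as text, so the audit window
    (e.g. the last 3 months) is a plain string comparison.
    """
    cur = conn.execute(
        "SELECT EventTime, ComputerName, ThreatName, FilePath, ActionTaken "
        "FROM ThreatEvents WHERE EventTime >= ? ORDER BY EventTime", (since,))
    return cur.fetchall()


def escape_sd_value(value):
    """RFC 5424 6.3.3: backslash, double quote and ']' in a PARAM-VALUE must be escaped."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def severity_for(action):
    """A failed cleanup needs follow-up; everything else is informational."""
    return SEV_WARNING if "fail" in action.lower() else SEV_INFO


def format_rfc5424(row, hostname="ec-server", app="SophosEC"):
    """Render one event row as an RFC 5424 syslog line."""
    event_time, computer, threat, path, action = row
    # The stand-in stores naive UTC times; RFC 5424 needs an unambiguous timestamp
    ts = (datetime.strptime(event_time, "%Y-%m-%d %H:%M:%S")
          .replace(tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"))
    pri = FACILITY_LOCAL4 * 8 + severity_for(action)
    params = {"computer": computer, "threat": threat, "path": path, "action": action}
    sd = " ".join(f'{k}="{escape_sd_value(v)}"' for k, v in params.items())
    msg = f"{threat} detected on {computer} in {path}: {action}"
    # PROCID is the nil value '-'; MSGID tags the record type for collector-side filtering
    return f"<{pri}>1 {ts} {hostname} {app} - THREAT [{SD_ID} {sd}] {msg}"


def send_udp(messages, collector="127.0.0.1", port=514):
    """Ship formatted messages to the collector over UDP/514; returns the count sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for m in messages:
            sock.sendto(m.encode("utf-8"), (collector, port))
    finally:
        sock.close()
    return len(messages)


if __name__ == "__main__":
    conn = build_demo_db()
    lines = [format_rfc5424(r) for r in fetch_threat_events(conn, "2011-01-01 00:00:00")]
    for line in lines:
        print(line)
    if "--send" in sys.argv:   # python forward.py --send  (collector listening on localhost)
        send_udp(lines)
```

Two points a practitioner should keep in mind when using this for audit evidence: UDP syslog is neither reliable nor authenticated, so for a feed that has to prove something a year later use TCP, and ideally TLS transport (RFC 5425), between the EC server and the collector; and the one-year retention then lives in the collector's own rotation and archive settings, which is where an auditor will look for it.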