ICT Best Practises - Maintain adequate system logs
System logs are critical for troubleshooting. They also play a key role in detecting intrusion attempts and in performing forensics on a compromised machine. To ensure that adequate logs are maintained, technicians should:
- Audit successful logins, including the location from which the logins originated.
- Audit unsuccessful logins, including the location from which the attempts originated.
- Audit unsuccessful file accesses.
- Audit the use of administrative privileges, using operating system audit settings or tools such as sudo that record each privileged command.
- Maintain logs for other services, such as httpd and syslog logs.
- Ensure that all logs are routinely backed up, preferably each night.
- Keep logs for at least 30 days, but no longer than 60 days.
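As an added illustration of the first, second and fourth points above (this is example code written for this page, not a tool the page or the institution provides), the script below reads an OpenSSH and sudo authentication log in the default syslog layout used by /var/log/auth.log and pulls out exactly the facts the checklist asks for: successful logins with their origin address, failed logins with their origin address, and every use of administrative privilege through sudo, including attempts that sudo refused. The log lines are constructed samples, and the threshold of three failures is an assumed value for the report, not a figure from the page.

```python
"""Summarise an auth log into the audit facts the logging checklist asks for.

Added example for this page; the log text below is constructed, not captured
from a real host. Line formats follow OpenSSH and sudo as they appear in a
syslog-style /var/log/auth.log.
"""
import re
from collections import Counter

# Constructed sample log (not from a real system).
SAMPLE_LOG = """\
Mar  3 08:12:01 web01 sshd[2101]: Accepted publickey for alice from 192.0.2.10 port 51022 ssh2
Mar  3 08:12:05 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart httpd
Mar  3 08:13:44 web01 sshd[2150]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Mar  3 08:13:47 web01 sshd[2150]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Mar  3 08:13:50 web01 sshd[2152]: Failed password for root from 198.51.100.7 port 40120 ssh2
Mar  3 08:20:10 web01 sshd[2200]: Accepted password for bob from 203.0.113.25 port 60000 ssh2
Mar  3 08:20:30 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log
Mar  3 08:21:00 web01 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/useradd deploy
"""

# Successful login: authentication method, user, origin address.
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
# Failed login: user (possibly one that does not exist) and origin address.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(\S+) from (\S+) port \d+")
# sudo record: invoking user, optional status text ("command not allowed ; "),
# target user and the command requested.
SUDO_RE = re.compile(r"sudo:\s+(\S+) : (.*?)TTY=\S+ ; PWD=\S+ ; USER=(\S+) ; COMMAND=(.*)$")


def summarise_auth_log(text):
    """Return counts of accepted/failed logins keyed by (user, origin) and
    lists of allowed and denied sudo invocations as (user, target, command)."""
    summary = {
        "accepted": Counter(),
        "failed": Counter(),
        "sudo_allowed": [],
        "sudo_denied": [],
        "unparsed": 0,  # lines that matched none of the patterns
    }
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            _method, user, origin = m.groups()
            summary["accepted"][(user, origin)] += 1
            continue
        m = FAILED_RE.search(line)
        if m:
            user, origin = m.groups()
            summary["failed"][(user, origin)] += 1
            continue
        m = SUDO_RE.search(line)
        if m:
            user, status, target, command = m.groups()
            record = (user, target, command.strip())
            if "not allowed" in status:
                summary["sudo_denied"].append(record)
            else:
                summary["sudo_allowed"].append(record)
            continue
        summary["unparsed"] += 1
    return summary


def failed_login_sources(summary, threshold=3):
    """Origins with at least `threshold` failed logins across all usernames."""
    per_origin = Counter()
    for (_user, origin), n in summary["failed"].items():
        per_origin[origin] += n
    return {origin: n for origin, n in per_origin.items() if n >= threshold}


if __name__ == "__main__":
    s = summarise_auth_log(SAMPLE_LOG)
    print("Successful logins (user, origin -> count):")
    for key, n in sorted(s["accepted"].items()):
        print(f"  {key[0]:<8} {key[1]:<16} {n}")
    print("Origins with repeated failed logins:", failed_login_sources(s))
    print("sudo commands run:", s["sudo_allowed"])
    print("sudo commands refused:", s["sudo_denied"])
    print("Unparsed lines:", s["unparsed"])
```

Keeping the summary keyed by origin address is what makes the first two checklist items useful in practice: a burst of failures from one address, or a successful login for a user from an address never seen before, is visible at a glance, while the sudo records give a per-command account of administrative activity. Any line the script cannot classify is counted rather than dropped, so a change in log format (or a log that is missing expected entries) shows up as a rising unparsed count instead of a silently empty report.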