ICT Best Practises - Maintain adequate system logs

System logs are critical in performing troubleshooting. They also play a key role in detecting intrusion attempts and performing forensics on a compromised machine. To ensure that adequate logs are maintained, technicians should:

• Audit successful logins, including the location from which the logins originated.
• Audit unsuccessful logins, including the location from which the attempts originated.
• Audit unsuccessful file accesses.
• Audit the use of administrative privileges with operating system settings or tools such as sudo.
• Maintain logs for other services, such as httpd and syslog logs.
• Ensure that all logs are routinely backed up, preferably each night.
• Keep logs for at least 30 days, but no longer than 60 days.