Makerere University

ICT Best Practices - Maintain adequate system logs

System logs are critical for troubleshooting. They also play a key role in detecting intrusion attempts and performing forensics on a compromised machine. To ensure that adequate logs are maintained, technicians should:

  • Audit successful logins, including the location from which the logins originated.
  • Audit unsuccessful logins, including the location from which the attempts originated.
  • Audit unsuccessful file accesses.
  • Audit the use of administrative privileges with operating system settings or tools such as sudo.
  • Maintain logs for other services, such as httpd and syslog logs.
  • Ensure that all logs are routinely backed up, preferably each night.
  • Keep logs for at least 30 days, but no longer than 60 days.
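
To check that the login and sudo items above are actually being captured, the following added example (not part of the original page) parses authentication log lines and reports successful logins with their source, failed logins per source, and sudo use. It assumes the usual OpenSSH and sudo syslog message formats; the sample lines, host names, addresses and the `summarize` function name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH and sudo syslog formats.
SAMPLE_LOG = """\
Mar  3 08:15:02 host1 sshd[1201]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Mar  3 08:16:40 host1 sshd[1210]: Failed password for invalid user admin from 198.51.100.7 port 41022 ssh2
Mar  3 08:16:44 host1 sshd[1210]: Failed password for root from 198.51.100.7 port 41030 ssh2
Mar  3 08:20:11 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart httpd
Mar  3 08:21:00 host1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/less /var/log/secure
"""

# Groups: method, user, source (ACCEPTED); method, "invalid user " flag, user, source (FAILED).
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
FAILED = re.compile(r"sshd\[\d+\]: Failed (\S+) for (invalid user )?(\S+) from (\S+) port \d+")
SUDO = re.compile(r"sudo(?:\[\d+\])?:\s+(\S+) : (.*?)COMMAND=(.*)$")
# Phrases sudo logs when it refuses a request.
DENIED = ("NOT in sudoers", "incorrect password", "command not allowed")


def summarize(text):
    """Return successful logins, failed-login counts per source, and sudo events."""
    report = {"logins": [], "failed_by_source": Counter(), "sudo": []}
    for line in text.splitlines():
        if m := ACCEPTED.search(line):
            method, user, source = m.groups()
            report["logins"].append((user, source, method))
        elif m := FAILED.search(line):
            report["failed_by_source"][m.group(4)] += 1
        elif m := SUDO.search(line):
            user, detail, command = m.groups()
            allowed = not any(marker in detail for marker in DENIED)
            report["sudo"].append((user, command.strip(), allowed))
    return report


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for user, source, method in result["logins"]:
        print(f"login ok: {user} from {source} via {method}")
    for source, count in result["failed_by_source"].most_common():
        print(f"login failed: {count} attempt(s) from {source}")
    for user, command, allowed in result["sudo"]:
        print(f"sudo {'allowed' if allowed else 'DENIED'}: {user} ran {command}")
```

An empty section in the report for a host that is known to have had logins or sudo activity indicates that the corresponding audit item is not being logged.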