Manage Learn to apply best practices and optimize your operations.

How long should I keep audit logs around?

I view our iSeries Security Audit Journals on a daily basis. I am wondering what the recommended time is to hold...

onto the previous journals I have already viewed for violations. In other words, should I save more than one months worth of journal logs before I delete them from the iSeries? Should I be archiving these journals onto tape or just delete them?

I hate to do this to you, but this is one of those "it depends" questions. The answer to this question should be found in your corporate security policy. Vital records retention schedules typically vary by industry. Some industries, like financial, healthcare and government have much longer retention schedules than, say, hospitality or retail.

If you have no regulatory statues or industry standards to guide you, then you have to start thinking about why you would want to keep the audit records around. Beyond being legally required to keep audit logs, the primary reason companies keep them is so they will have forensics data in case they ever need to go back and investigate some action that occurred on their system. Without audit logs you might not have proof an activity occurred; therefore, proving a case in court might prove very difficult. How long do you keep audit logs around? That's a business choice that only you can make. Hopefully this has given you some help so you can make that decision.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.