Understanding the Need to Retain Logs

From a legal perspective, retaining logs is increasingly important to many businesses. In fact, the Payment Card Industry (PCI) Data Security Standard (DSS) requires a business to “track and monitor all access to network resources and cardholder data.” This means you must track your visitors as well as all access to your servers and resources, and you are required to ensure that the logs are protected from alteration. Consult a PCI auditor for specific retention requirements for log data.

One benefit of maintaining good logging is the capability to track down what happened after a server or website is hacked.

Here's a real-world example from an FTP server's log, recorded as exploit code was uploaded to the server via FTP. (The source of the attack and some other data have been removed to protect the website's identity.)

    Admin [17/Sep/2010:04:23:44] "STOR exp_ingom0wnar.c"
    Admin [17/Sep/2010:04:23:44] "STOR pwnkernel.c"
    Admin [17/Sep/2010:04:23:45] "STOR exp_cheddarbay.c"
    Admin [17/Sep/2010:04:23:46] "STOR exp_wunderbar.c"
    Admin [17/Sep/2010:04:23:47] "STOR exp_therebel.c"
    Admin [17/Sep/2010:04:23:48] "STOR exp_moosecox.c"
    Admin [17/Sep/2010:04:23:48] "STOR exp_vmware.c"
    Admin [17/Sep/2010:04:23:49] "STOR exp_framework.h" 226
    Admin [17/Sep/2010:04:23:49] "STOR run_null_exploits.sh"
    Admin [17/Sep/2010:04:23:50] "STOR run_nonnull_exploits.sh"
    Admin [17/Sep/2010:04:23:51] "STOR exp_paokara.c"
    Admin [17/Sep/2010:04:23:56] "STOR exploit.c"
    ...
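The two points this section makes, that logs let you reconstruct an incident afterward and that they must be protected from alteration, can both be shown on log lines in the layout above. The following Python is an added example written for this edition of the page; it is not code from the book or from any CMS project. The log lines it contains are constructed to mirror the excerpt's format (user, bracketed timestamp, quoted FTP command), the "suspicious" file extensions and the burst threshold (three source or script uploads within sixty seconds) are assumptions chosen for illustration, and the hash chain is a generic tamper-evidence technique rather than anything PCI DSS prescribes.

```python
import hashlib
import re
from datetime import datetime

# Constructed sample log in the same layout as the excerpt's FTP transfer log.
# The Admin burst mimics the pattern shown on the page; the webdev lines are
# ordinary activity added so that the detector has something to leave alone.
SAMPLE_LOG = """\
Admin [17/Sep/2010:04:23:44] "STOR exp_ingom0wnar.c"
Admin [17/Sep/2010:04:23:44] "STOR pwnkernel.c"
Admin [17/Sep/2010:04:23:45] "STOR exp_cheddarbay.c"
Admin [17/Sep/2010:04:23:49] "STOR run_null_exploits.sh"
Admin [17/Sep/2010:04:23:56] "STOR exploit.c"
webdev [17/Sep/2010:09:12:03] "STOR logo.png"
webdev [17/Sep/2010:09:12:10] "RETR index.html"
webdev [17/Sep/2010:09:15:00] "STOR deploy.sh"
"""

# user, [timestamp], "COMMAND argument"
ENTRY_RE = re.compile(r'^(?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<cmd>\w+)(?: (?P<arg>.*))?"')

# Assumed list of extensions that have no business being uploaded to a web root.
SUSPICIOUS_EXTS = (".c", ".h", ".sh", ".pl", ".py")


def parse_entry(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "user": m.group("user"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S"),
        "cmd": m.group("cmd"),
        "arg": m.group("arg") or "",
    }


def parse_log(text):
    """Parse every well-formed line of a log; malformed lines are skipped."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def find_upload_bursts(entries, window_seconds=60, min_count=3):
    """Flag, per user, a window in which at least min_count suspicious files
    were uploaded (STOR) within window_seconds. Returns one alert per user."""
    per_user = {}
    for e in entries:
        if e["cmd"] == "STOR" and e["arg"].lower().endswith(SUSPICIOUS_EXTS):
            per_user.setdefault(e["user"], []).append(e)
    alerts = []
    for user, evs in per_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i in range(len(evs)):
            j = i
            # Extend the window forward while uploads stay within the limit.
            while (j + 1 < len(evs) and
                   (evs[j + 1]["ts"] - evs[i]["ts"]).total_seconds() <= window_seconds):
                j += 1
            if j - i + 1 >= min_count:
                alerts.append({"user": user, "first": evs[i]["ts"], "last": evs[j]["ts"],
                               "files": [e["arg"] for e in evs[i:j + 1]]})
                break
    return alerts


def hash_chain(lines, seed=""):
    """Tamper-evident digest chain: each digest covers the previous digest and
    the current line, so editing or deleting any line changes every later digest."""
    prev = hashlib.sha256(seed.encode()).hexdigest()
    chain = []
    for line in lines:
        prev = hashlib.sha256((prev + "\n" + line).encode()).hexdigest()
        chain.append(prev)
    return chain


def verify_chain(lines, chain, seed=""):
    """Return the index of the first line whose digest no longer matches the
    stored chain, or -1 if every line and the chain length check out."""
    recomputed = hash_chain(lines, seed)
    for i, (a, b) in enumerate(zip(recomputed, chain)):
        if a != b:
            return i
    return -1 if len(recomputed) == len(chain) else min(len(recomputed), len(chain))


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for alert in find_upload_bursts(entries):
        print(f"{alert['user']}: {len(alert['files'])} source/script uploads "
              f"between {alert['first']} and {alert['last']}")
    lines = SAMPLE_LOG.splitlines()
    chain = hash_chain(lines)
    print("chain intact:", verify_chain(lines, chain) == -1)
```

The detector reproduces what an analyst does by eye on the excerpt: a single account storing a run of `.c` and `.sh` files within seconds is the staging step worth alerting on, while a lone `deploy.sh` from a developer is not. The chain only proves alteration if its latest digest is kept somewhere the web server cannot overwrite (a separate log host or write-once storage); stored beside the log it can be recomputed along with the edit, which is the practical reason the section tells you to protect logs from alteration rather than merely to keep them.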

Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with the O’Reilly learning platform.
