https://community.cisco.com/t5/network-security/best-practice-for-logging/m-p/1495701#M923410 <HTML><HEAD></HEAD><BODY><P>1. Level 3, 4(error, warnings) is the ideal. Levels 5-7 (notification, informational, debug) generate more logs and should be used in case you want to troubleshoot.</P><P>2. You should keep as long as possible depending on your policies. Most companies keep the logs for about 6-12 monhts, but it really depends on the company. If your log load is not too much you can keep them for even more.</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Wed, 07 Jul 2010 17:51:29 GMT Panos Kampanakis 2010-07-07T17:51:29Z https://community.cisco.com/t5/network-security/best-practice-for-logging/m-p/1495699#M923408 <P>Hi All,</P><P></P><P>I would like to know if there is any best practice document for Firewall logging. This would include</P><P></P><P>1. What level of logging is ideal</P><P>2. If a log is stored in a logging server, how long is it best to store the logs and retain the logs by a backup tape etc.</P><P></P><P>This can include for various industries like IT, Banking etc.</P><P></P><P>Any document pertaining to these would be helpful. Thanks in advance.</P><P></P><P>Regards,</P><P>Manoj</P> Fri, 21 Feb 2020 12:00:18 GMT https://community.cisco.com/t5/network-security/best-practice-for-logging/m-p/1495699#M923408 manoj-wadhwa 2020-02-21T12:00:18Z https://community.cisco.com/t5/network-security/best-practice-for-logging/m-p/1495700#M923409 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><DIV class="jive-rendered-content"><P>Hi All,</P><P></P><P>I would like to know if there is any best practice document for Firewall logging. This would include</P><P></P><P>1. What level of logging is ideal</P><P>2. If a log is stored in a logging server, how long is it best to store the logs and retain the logs by a backup tape etc.</P><P></P><P>This can include for various industries like IT, Banking etc.</P><P></P><P>Any document pertaining to these would be helpful. Thanks in advance.</P><P></P><P>Regards,</P><P>Manoj</P></DIV><P></P></PRE><P>Manoj,</P><P></P><P>Check out the below link for best practice for logging and prerequiste in cisco devices.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#logbest">http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#logbest</A></P><P><A class="jive-link-external-small" href="http://www.ciscopartner.biz/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1110908">http://www.ciscopartner.biz/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1110908</A></P><P></P><P>Hope to Help !!</P><P></P><P>Ganesh.H</P><P></P><P>Remember to rate the helpful post</P></BODY></HTML> Mon, 28 Jun 2010 05:53:50 GMT https://community.cisco.com/t5/network-security/best-practice-for-logging/m-p/1495700#M923409 Ganesh Hariharan 2010-06-28T05:53:50Z https://community.cisco.com/t5/network-security/best-practice-for-logging/m-p/1495701#M923410 <HTML><HEAD></HEAD><BODY><P>1. Level 3, 4(error, warnings) is the ideal. Levels 5-7 (notification, informational, debug) generate more logs and should be used in case you want to troubleshoot.</P><P>2. You should keep as long as possible depending on your policies. Most companies keep the logs for about 6-12 monhts, but it really depends on the company. If your log load is not too much you can keep them for even more.</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Wed, 07 Jul 2010 17:51:29 GMT https://community.cisco.com/t5/network-security/best-practice-for-logging/m-p/1495701#M923410 Panos Kampanakis 2010-07-07T17:51:29Z https://community.cisco.com/t5/network-security/best-practice-for-logging/m-p/1495702#M923411 <HTML><HEAD></HEAD><BODY><P>For a firewall it is better to have informational if you have a solution like MARS.</P><P>For the logging retention it depends on the country laws and the company policies.</P><P>I think 6 months is the least you should have.</P></BODY></HTML> Thu, 15 Jul 2010 10:25:05 GMT https://community.cisco.com/t5/network-security/best-practice-for-logging/m-p/1495702#M923411 dvithoulkas 2010-07-15T10:25:05Z