Does your company have the logs policy?

No matter which type of industry, country, or auditor you have, logging is essential (mandatory) in your system management. Especially applications and systems logs are important for many business and compliance reasons, they must protect and retain adequately.

There are a number of types of logs for instances

• Application/web server logs
• IAM logs (Activity logs)
• Infrastructure system logs
• Database logs

The type can be categorized based on how we classify it.

Policy?

Does your company have a well-defined policy? not just high-level? I of course can say

“Please put your log in a SAFE place, and protect by ACCESS control, and retain a LONG time”. This will eventually change back to consequences like

• Too tight (or messy) so anyone can’t join or all can access the logs.
• Retain logs too long (wrong) time which causes the cost and performance issues.
• A big chunk of data/logs will charge you a lot and it will only grow up.
• You can see the logs everywhere e.g. in server, (AWS case), cloud watch, S3, Splunk (SIEM), etc. (With lifecycle defined)

For this reason, we should have a policy, guideline (baseline), and the best is to have procedures. Because the logs include too various and different classes of data/contents…