Here's some good stuff I found on keeping logs:
1. Before anything else, do you deal with credit cards?
Patient info? Are you a government org under FISMA?
A financial org? You have to keep 'em - stop reading further.
2. What if there is a law or a regulation that requires
you to retain logs - and you don't know about it yet?
Does the word "compliance" ring a bell?
3. An auditor comes and asks for logs. Do you want to
respond "Eh, what do you mean?"?
4. A system starts crashing and keeps doing so. Where is the
answer? Oops, it was in the logs - you just didn't retain them ...
5. Somebody posts a piece of your future quarterly report
online. Did John Smith do it? How? If not him, who did?
Let's see who touched this document. Got logs?
6. Malware is rampant on your network. Where did it come from? Who
spreads it? Just check the logs - but only if you have them saved.
7. Your boss comes and says 'I emailed you this and you ignored it!!'
'No, you didn't!!!' Who is right? Only email logs can tell!
8. Network is slow; somebody is hogging the bandwidth. Let's
catch the bastard! Is your firewall logging? Keep the info
at least until you can investigate.
9. Somebody added a table to your database. Maybe he did something
else too - no change control forms were filed. Got database log
management (http://www.loglogic.com/)? How else would you know?
10. Disk space is cheap; tape is cheaper still. Save a log! Got
SAN or NAS? Save a few of them!
11. If you plan to throw away a log record, think - are you 100%
sure you won't need it, ever? Exactly! :-) Keep it.
Credit for this article given to Anton on Security at:
http://blogs.ittoolbox.com/security/anton/archives/top-11-reasons-to-collect-and-preserve-computer-logs-15468