Planning for Your Logs

Planning for logs might sound about as fun as going to the dentist. And, yes, sadly, sometimes log management can be painful. However, doing some planning can ease that pain. One great thing is that planning can occur at any time, even if you've been running your site for some time.

Your plan should take into account such things as the retention time for logs, when to review (and who reviews) the logs, where you will store the logs, and, of course, how you respond to events.

Most of the time, you can put your logs on auto-pilot with a good plan.

Developing a Retention Policy

There probably isn't a good rule that says you must keep logs for “x” months. The amount of time you should keep logs around is very dependent on your business, industry, amount of traffic you receive, and other factors.

The best way to determine how long to retain logs is to consider the following guidelines:

  • Business and legal needs — Your business may be one that has a legal requirement or a specific need for log retention. This could be that you're an e-commerce-type business, or perhaps a medically oriented business. It could be that you want to track long-term traffic trends for marketing and search engine optimization (SEO). You will want to define the process used to destroy and retain log data, as well as which logs are to be kept. In this category, your specific needs will outweigh other factors.
  • Size of logs — Even an average site can quickly create very large access logs. ...

Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.