Using Kiwi Syslog Server for Log Storage allows you to: - Automate log retention and clean-up - Meet compliance requirements - Create and maintain an audit trail - Use stored logs for security analysis

1. GET YOUR **IT TOGETHER!
LOG RETENTION, CLEAN-UP
& COMPLIANCE
RYAN ALBERT DONOVAN AND
SHANNON KEELING

2. • What:
• The collection and storage of logs followed by
their removal after a defined period of time.
• Log retention is an integral part of security and
compliance
• Why:
• Regulatory compliance standards mandate not
only the retention of logs, but also the need for
the policy that governs the retention and
destruction of said logs.
2
LOG RETENTION & CLEAN-UP
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

3. • HIPAA– requires “sufficient information to establish what events occurred, when they
occurred, and who (or what) caused them.” as well as 6 years of retention of
documents
• SOX - requires written, mandatory policy for retention and destruction, and 7 years
retention
• PCI DSS – requires 1 year of retention
• FISMA – see NIST special publication 800-53
3
COMPLIANCE
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
SECURITY & REGULATION

4. • Defining your log retention policy
• Determine the appropriate retention time.
• Document the retention requirements for each
type of information/document
• Establish policies, procedures and technical
controls to facilitate and support the retention
requirements.
• Real-time alerting
• Essential element in log monitoring
• Notifies you when certain criteria are met
• Fully customizable
4© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
LOG RETENTION BEST PRACTICES

5. Events:
• Any changes to File or Folder ACLs
• Registry Access – adds, changes, and deletions
• User account changes that provide administrator
equivalent permissions
• Active Directory® access and changes
• Changes to Groups – adds, changes or deletions
• Windows® and SSH® login failures and
successes
• System events – process start and shutdown
• Application failure, start or shutdown
• IDS and anti-virus logs
• Interfaces for high TCP and UDP traffic
• Server off-line or on-line and reboots
• Access to network infrastructure
• Changes to ACLs on switches, routers or firewalls
• DNS changes
• Web server access and permission changes
• HTTP “404” errors
• FTP server access and file transfers
• Server and workstation logs for intrusion incidents
and policy changes
• Access and permission changes to Files, Folders,
and Objects containing financial, customer or
compliance data
Categories:
• Logon Events - Success/Failure
• Account Logons - Success/Failure
• Object Access - Success/Failure
• Process Tracking - Success
• Policy Change - Success/Failure
• Account Management – Success
• Directory Service Access - Success/Failure
• System Events - Success/Failure
5© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
KEY WINDOWS AND SYSLOG EVENTS

6. 6© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
USING KIWI SYSLOG SERVER
FOR LOG RETENTION, CLEAN-UP & COMPLIANCE
• Create filters
• Retention & clean-up schedules
• Set up alerting
• Log to a database
• Event Log Forwarder

7. • Deploy quickly – accepts Syslog, SNMP & Event Log data from your existing deployment
• Monitor real-time logs– display logs anywhere through the secure Web access module
• React to messages– send email, run programs, or forward data when messages arrive
• Troubleshoot problems– centralize logs to quickly pinpoint issues
• Compliance– implement log retention requirements of SOX, FISMA, PCI-DSS & more
7© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
KIWI SYSLOG SERVER
MANAGE SYSLOG, SNMP TRAP, AND WINDOWS EVENT LOG MESSAGES

8. • http://www.kiwisyslog.com:
• Free, fully-functional 14-day trial
• Contact us to:
• Speak with someone about pricing & licensing
• Schedule a personal live demonstration
Email: kiwisales@solarwinds.com
Phone: 1-855-498-4157
8© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
LEARN MORE
ABOUT LOG RETENTION WITH KIWI SYSLOG SERVER

9. The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of
SolarWinds Worldwide, LLC, are registered with the U.S. Patent and Trademark Office,
and may be registered or pending registration in other countries. All other SolarWinds
trademarks, service marks, and logos may be common law marks, registered or pending
registration in the United States or in other countries. All other trademarks mentioned
herein are used for identification purposes only and may be or are trademarks or
registered trademarks of their respective companies.
9© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.