Log Storage and Retention > Data Availability - Pg. 243

surpass 170 GB over an 8-hour period for a medium-sized enterprise collecting information at approximately 20,000 EPS.[15]

Data retention refers to the amount of information that is stored long term, and can be measured in volume (the size of the total collected logs in bytes) and time (the number of months or years that logs are stored for). The length of time a log is retained is important, as this metric is often defined by compliance regulations; for example, NERC CIP requires that logs are retained for anywhere from 90 days to up to 3 years, depending upon the nature of the log.[16] By determining which logs are needed for compliance and for how long they must be kept, the amount of physical storage space that is required can be calculated. Factors that should be considered include the following:

- Identifying the quantity of inbound logs
- Determining the average log file size
- Determining the period of retention required for logs
- Determining the supported file compression ratios of the Log Management or SIEM platform being used

Table 9.3 illustrates how sustained log collection rates map to total log storage