Care and Feeding of Your Log Files
One of my clients notified me, as I was writing the first draft of this chapter, about an "incident" on their site. In retrospect, it was only forum spam, but given the nature of the forum spam we felt it was important to grab the logs. In the hands of law enforcement, these logs hopefully will help track down this person and stop his or her activity. This is a single and simple example of caring for the logs. The items of concern were:
1. The logs would shortly be rotated and overwritten, taking the evidence with them.
2. If the site had in fact been breached, the intruder could wipe the logs on the server itself, so a copy had to exist somewhere the intruder could not reach.
Another reason that comes to mind is a terribly low-tech but sometimes effective denial of service attack: writing junk requests until the log files fill the disk they live on. In some cases the application or the OS may stop working once that disk is full.
On our web servers, simply deleting the log files that have filled up may destroy the very evidence of why they filled up, so the logs should be copied somewhere safe before the space is reclaimed.
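The two concerns above, preserving logs before they are rotated or wiped and noticing a log partition that is being filled, can be handled with a small script run from cron. The following is an added example written for this chapter, not code from the original text or from any particular web server; the directory names, the 90% threshold in the usage note and the sample log lines in the comments are assumptions. It copies the live logs into a timestamped, read-only archive on a separate filesystem, records a SHA-256 digest so that later editing or truncation of the copy can be detected, and reports when the filesystem holding the logs is nearly full so you can preserve them before anything is deleted.

```shell
#!/bin/sh
# Added example (not from the original chapter): snapshot web-server logs to a
# separate location before rotation overwrites them, record a SHA-256 digest
# so later tampering or truncation is detectable, and flag a log partition
# that is filling up. All paths and thresholds are assumptions.

# Portable SHA-256 of one file: coreutils sha256sum on Linux, shasum elsewhere.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# preserve_logs SRC_DIR DEST_DIR
# Copies everything under SRC_DIR into a timestamped tarball in DEST_DIR,
# writes the digest beside it, and makes both read-only. Prints the archive
# path. DEST_DIR should be on a different filesystem (or, better, a different
# host) from the live logs, so that an intruder who wipes /var/log has not
# also wiped the copy.
preserve_logs() {
  src_dir=$1
  dest_dir=$2
  stamp=$(date -u +%Y%m%dT%H%M%SZ)
  archive="$dest_dir/logs-$stamp.tar.gz"
  mkdir -p "$dest_dir" || return 1
  tar -czf "$archive" -C "$src_dir" . || return 1
  sha256_of "$archive" > "$archive.sha256" || return 1
  chmod 0400 "$archive" "$archive.sha256"
  printf '%s\n' "$archive"
}

# verify_archive ARCHIVE
# Returns 0 when the archive still matches the digest recorded at capture
# time, 1 when it has been modified, truncated or removed.
verify_archive() {
  archive=$1
  [ -f "$archive" ] && [ -f "$archive.sha256" ] || return 1
  expected=$(cat "$archive.sha256")
  actual=$(sha256_of "$archive")
  [ "$expected" = "$actual" ]
}

# log_partition_full DIR THRESHOLD_PERCENT
# Returns 0 (true) when the filesystem holding DIR is at or above the
# threshold: the low-tech "fill the disk with log entries" denial of service
# described above. Alert on it; do not delete the logs that caused it.
log_partition_full() {
  used=$(df -P "$1" | awk 'NR==2 { sub("%", "", $5); print $5 }')
  [ "$used" -ge "$2" ]
}
```

A typical cron entry would call `preserve_logs /var/log/apache2 /mnt/logsafe` shortly before logrotate runs, and `log_partition_full /var/log 90 && mail -s "log disk nearly full" admin` every few minutes. Keeping the digest file next to the archive is enough to detect a casual edit of the copy; if the archive host itself may be compromised, send the digests to a third location (or print and file them) so that the copy and its checksum cannot both be altered by the same person.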
Here are some thoughts on logs.
You might be running one of the following...