Hi
We just had an auditor tell us to formally review our logging parameters on the server and implement best practice for logging, based on a risk assessment. Phew!
Before my time here, there was no reasoning behind what we chose to log or not log.
Any ideas where such a "best practice" guide could be found. Its not financial data on the server, but we need to implement a "decent" logging policy.
Cheers
Your question is really too open-ended IMO. This is random:
Are there external incoming connections (initiated from outside your firewall)?
Can your box connect to boxes in your DMZ?
Do you use an external DNS name service?
Do you consume web services? Consume external web services? Provide web services?
Do you track security violations? - you should.
Do you audit user activity?
Do you have a data access policy and paperwork to back it up?
Do you have a solid backup process? off site backup? failover?
This list goes on - you get the idea.
There is no single set of 'best practices' for logging - it usually is more a matter of what your box is exposed to, your level of risk tolerance, what the datasets on the server represent, etc. Then there are basics like monitoring the heck out of externally initiated connections.
If you google 'best practices' you will be presented with an onslaught of choices. You have to select the models that fit your system. Apache has great guidelines for example.
But they may make no sense for your situation.