
Sophos AntiVirus Log Settings

Hello Sophos folks!

My organization is undergoing our annual security audit and our auditor has asked us to provide the following:

  • Evidences showing that Antivirus logs stored with one year retention period

I am looking to find a setting that explicitly says how long antivirus logs will be stored for.

Does such an option exist?

Looking at the anti virus logs found in "C:\ProgramData\Sophos\Sophos Anti-Virus\Logs", I can see the "SAV" log only shows the current month.

It also contains additional log files for the past 3 months, but we require a full year's worth.

Could anyone point me in the right direction?

Thanks!

  • Hello tcshain,

    I'm always mystified why auditors seemingly love to concentrate on rather irrelevant aspects. What the heck can anyone do with last year's AV log? Have they already verified that the information in the log is reliable and complete or that it somehow can be correlated with other information to show whether protection has been on or off at a certain point in time and why?

    Keeping more than three months is a client side only setting. Probably a regular backup is the best solution. It must be obvious even to auditors that the system which produces logs is NEVER EVER the appropriate place to store them.

    Christian
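
The regular backup suggested in the reply above, as an added example that is not part of the original thread: a PowerShell script, meant to run as a scheduled task on the endpoint, that copies the Sophos logs to an off-host share and records a SHA-256 hash for every archived snapshot. The share `\\fileserver.example\av-log-archive`, the file name `manifest.csv` and the parameter names are assumptions.

```powershell
# Added example, not from the thread. $ArchiveRoot is a hypothetical share.
param(
    [string]$LogDir        = 'C:\ProgramData\Sophos\Sophos Anti-Virus\Logs',
    [string]$ArchiveRoot   = '\\fileserver.example\av-log-archive',
    [int]   $RetentionDays = 365
)
$ErrorActionPreference = 'Stop'

# One folder per endpoint, with a manifest listing every archived snapshot.
$dest     = Join-Path $ArchiveRoot $env:COMPUTERNAME
$manifest = Join-Path $dest 'manifest.csv'
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# Hashes already archived, so an unchanged log is not stored twice.
$known = @{}
if (Test-Path $manifest) {
    Import-Csv $manifest | ForEach-Object { $known[$_.SHA256] = $true }
}

$stamp = (Get-Date).ToUniversalTime().ToString('yyyyMMddTHHmmssZ')
foreach ($file in Get-ChildItem -Path $LogDir -File) {
    # Copy first and hash the copy: the live SAV log may change while it is read.
    $target = Join-Path $dest ('{0}_{1}' -f $stamp, $file.Name)
    try {
        Copy-Item -Path $file.FullName -Destination $target
    } catch {
        Write-Warning "Could not copy $($file.FullName): $_"
        continue
    }
    $hash = (Get-FileHash -Path $target -Algorithm SHA256).Hash
    if ($known.ContainsKey($hash)) {
        Remove-Item -Path $target   # identical snapshot is already archived
        continue
    }
    $known[$hash] = $true
    [pscustomobject]@{
        ArchivedUtc = $stamp
        Source      = $file.FullName
        Archive     = $target
        SHA256      = $hash
    } | Export-Csv -Path $manifest -Append -NoTypeInformation
}

# Audit evidence: how far back the archive reaches versus the requirement.
$rows = @(if (Test-Path $manifest) { Import-Csv $manifest })
[pscustomobject]@{
    Host           = $env:COMPUTERNAME
    Snapshots      = $rows.Count
    OldestSnapshot = ($rows | Sort-Object ArchivedUtc | Select-Object -First 1).ArchivedUtc
    RequiredDays   = $RetentionDays
}
```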