undefined | Better HN

0 pointsmsm_3y ago0 comments

It's absolutely not enough for APT investigation. Average attacks lengths are in months, infections sometimes span multiple years. Especially since we're talking about a backdoor (ransomware operators tend to move more quickly)

0 comments

Dylan168073y ago

It's not enough for that, but that bar is too high. Unless the logs are very small, you should not be keeping years of them. I still say 20MB is enough for a desktop.

gerdesj3y ago

Depends on the desktop. Mine does quite a lot of stuff. /var/log is 8.3Gb and the journal is probably a monster.

Your use case is probably different to mine - I'm a security officer for my firm.

j / k navigate · click thread line to collapse

0 comments

Dylan168073y ago

It's not enough for that, but that bar is too high. Unless the logs are very small, you should not be keeping years of them. I still say 20MB is enough for a desktop.

gerdesj3y ago

Depends on the desktop. Mine does quite a lot of stuff. /var/log is 8.3Gb and the journal is probably a monster.

Your use case is probably different to mine - I'm a security officer for my firm.

j / k navigate · click thread line to collapse