Review
All host-level logs (syslog and auth.log) are captured and forwarded via syslog to the JH SIEM (Splunk). JH ICS monitors and maintains the Splunk alerts and dashboards. Banno application and infrastructure logs are also captured and aggregated into Datadog. Service teams review irregularities and are expected to raise their concerns to the appropriate teams for review.
Retention
This is our policy for which logs we keep and for how long. The periods defined here are minimums; we can choose to keep logs for longer.
1 Year Log Retention
- Load Balancer (nginx, haproxy)
- Vault (access and audit logs)
- SSH
- DB access logs
3 Month Log Retention
- We will maintain all other logs for troubleshooting purposes
- These will be stored for a minimum of 3 months, after which they can be safely deleted if we need the space
- Examples of such logs:
  - application logs
  - syslog