1. National Institute of Standards and Technology (NIST), Special Publication 800-92, Guide to Computer Security Log Management. Section 3.1.3, "Log Storage and Retention," states: "Organizations should also consider using a dedicated log server for centralized log storage... Centralized log storage facilitates long-term log retention and reduces the risk of logs on individual hosts being lost..." A SIEM is a primary example of a system providing this centralized function.
2. Carnegie Mellon University, Software Engineering Institute, "Common Sense Guide to Mitigating Insider Threats, 5th Edition." Practice 17: Deploy a Log Management System, Page 111, recommends that organizations "Aggregate and centrally store logs from all relevant sources (e.g., network devices, servers, databases, applications)." This directly supports using a central system like a SIEM to solve the problem described.
3. Al-Abassi, A., Karim, A., & Al-Ogaili, A. (2017). A Survey of SIEM Tools. In Proceedings of the International Conference on Big Data and Internet of Things (BDIoT’17). ACM, New York, NY, USA, Article 29, pp. 1–6. Section 2, "SIEM Architecture," describes the fundamental components of a SIEM, highlighting the "Log collection" and "Log storage" functions. The text explains that a core purpose of a SIEM is to gather logs from various sources (agents or collectors) and store them in a central repository (database or file system) for analysis and retention. DOI: https://doi.org/10.1145/3175828.3175857