Log files fillup!

We have a variety of servers that run many different applications which log to a file.  This includes IIS, SMTP, FTP, etc.  The list goes on and on.  It is easy to lose track of them all, and even easier to let the log files fill up your drive while your not watching!

We have had to go through and zip up or delete logs to clear up disk space many times.  The full drives have on occasion caused service outages due to not being able to write to the log files.  We have struggled to find an easy/inexpensive way to do this.  It would be easy to write a batch script to delete all the files, but we are under PCI requirements to keep a certain amount of log files on disk for compliance reasons.  Thus the need to zip up the files and delete the originals.

One of our excellent coders at my office came up with this great VB script that will do just this for us.  It will curse through a directory *and all its sub directories* looking for files with the extension ‘.log’ (or whatever extension you want) and mash them all into a single date-stamped zip file.

One thing I need to mention is that this script is looking specifically for log files that have a date stamped file name (this is how it created a date stamped zip), so it will only really work on IIS logs and the like.

Take it for a spin and let me know what you think!


[UPDATE: 8/19/2011] I have a new version of this file described in the following post.

SAS70 Control Activity Pains

The company I work for is in our second attestation period.  The first time was very painful and a lot of extra work, but only a 6 month audit period.  This time we’re under a 9 month audit!  It is very taxing to keep on your toes that much, for that long.
During our first period we learned a lot about how we had written our Control Activities to support our Control Objectives.  We were at times too specific on our CA wording and backed ourselves into a corner more than once.  Luckily we did not have any major exceptions and gained a favorable audit opinion which was quite a milestone for our small company.

The single biggest issue that we found was how we worded the Control Activities.  We made the description specific to the control activity in a way that locked us into that description for the duration of our audit.  This became problematic when we ran into an unforseen issue with how we were then required to do things. If there was a problem, we could not change the CA during the audit period.

This is where my biggest/only recommendation comes in.  Word your CAs so that it refers to a policy/procedure document for how you do things.  That way you can update your document as needed without changing the CA itself.