Issue NIS2 and logs, what to keep for how long?

[Linulex]

Server operating system version

alma 8.10

Plesk version and microupdate number

18.0.64 #1

I know that for NIS2 you have to save logs with login and dns data off-server for safe keeping, but what logs exactly do i need to safe?

I know these logs have login data:
- /var/log/pleskactions (exported plesk log as per plesk nis2 manual)
- /var/log/secure
- /var/log/maillog

Do i miss something, and are these needed? Is it mandatory to keep maillogs for that long? Doesnt that breach privacy?

And for how log do i need to keep them? I read 18 months somewhere, is this correct?

Regards
Jan

 

[Bitpalast]

Data retention is still prohibited by GDPR. Long-term storage of log files is no required, neither allowed. Could you please refer the location in the NIS2 documents where you read that logs must be saved?

 

[Linulex]

According to this its 18 months, but 18 months seems a very long time, hence my question.

NIS2 EN - TeskaLabs LogMan.io

This is a pan-European piece of legislation on cyber security. It aims to achieve a high level of cyber security in all EU Member States.

logman.io

Obligation to store logs of all systems and IT infrastructure​

The directive also requires the storage of logs from all systems and IT infrastructure and their subsequent storage in an unalterable form for at least 18 months.

And according to Plesk in the documentation

Copying Plesk Action Log Records to an External Server

Logs are the most fundamental way to determine user, system, and application activity on a network. If an attacker ha...

docs.plesk.com

In compliance with the NIS2 directive, organizations must guarantee that logs are complete, accurate, and safeguarded against any unauthorised modifications or disruptions.To protect logs and make your Plesk server NIS2 compliant, you need to configure Plesk to send a copy of Plesk Action Log records to an external log server.

Regards
Jan

 

[Bitpalast]

Thank you. That source says:

• "The directive also requires the storage of logs from all systems and IT infrastructure and their subsequent storage in an unalterable form for at least 18 months."

But where in the EU docs is this written? I must have missed that.

Plus, in Germany, the EU regulation has not yet been put into a law.

I am not saying, the storage requirement was false information, but maybe it is meant for specific cases. For that reason it will be best to find out where this requirement is formulated in the original source and what the context is.

 

[Linulex]

If external storage is not needed, why would Plesk invest resources so that the action log can be handled by rsyslog and why would Plesk create a whole support page on it and why would Plesk say it is mandatory? I presume Plesk has looked it up.

To protect logs and make your Plesk server NIS2 compliant, you need to configure Plesk to send a copy of Plesk Action Log records to an external log server.

I know it is not yet law, but it should have been

New rules to boost cybersecurity of EU's critical entities and networks

The Commission has adopted today the first implementing rules on cybersecurity of critical entities and networks under the Directive on measures for high common level of cybersecurity across the Union (NIS2 Directive).

ec.europa.eu

Today's adoption of the implementing regulation coincides with the deadline for Member States to transpose the NIS2 Directive into national law. As of tomorrow, 18 October 2024, all Member States must apply the measures necessary to comply with the NIS2 cybersecurity rules, including supervisory and enforcement measures.

if i am correct, it will become law in the netherlands "somewhere in 2025"

regards
Jan