Where should logs for external-facing technologies be written?

• A. Logs for external-facing technologies are stored locally on each device.
• B. Logs for external-facing technologies are written to a centralized external log server.
• C. Logs for external-facing technologies are written onto a secure, centralized, internal log server or media.
• D. Logs for external-facing technologies (for example, wireless, firewalls, DNS, mail) are written onto a secure, centralized, internal log server or media.

Answer: (C)

Centralized, internal log storage is the best approach for logs from external-facing technologies. Writing logs to a secure, centralized internal log server or media ensures the logs stay within the organization’s control, making it easier to protect, retain, and audit them, and to perform cross-device correlation for security monitoring and incident response. Storing logs locally on each device risks loss or tampering and breaks the ability to get a complete, unified view of activity across systems. Writing logs to an external server can expose logs beyond the organization’s security boundary and complicate access control and retention. By centralizing internally, you maintain integrity, confidentiality, and availability of logs critical for monitoring and forensics.