As was stated, step one is to understand your environment.
Other then legal requirements - there are regulatory and contractual. An example is PCI-DSS. S 10.7 states "Retain audit trail history for at least one year, with a minimum of three months online availability." If there is ANY pending legal action, you should involve council and have them decide. In this case you may be required to keep logs for up to 6 years. Regards, Dr Craig Wright (GSE-Compliance)
