Retention policies-all logs collected are used in the active and passive monitoring process. all logs are kept on archive for a period of time, called a retention period. this period of time will be determined by your company policies. this allows the use of logs for regular audits, and annual audits if retention is longer then a year. logs must be secured to prevent modification, deletion, and destruction.administrator preference is often used to determine certain things like how long logs are retained ... but since these decisions can affect the ability of the company to go back and research potential security issues, it is a corporate issue that should be governed by a deliberate policy statement.mttf and mttr are not relevant to setting the time for which logs will be retained. mttf (mean time to failure, sometimes called mtbf, mean time before failure) is related to the average amount of time a piece of equipment will be in service before it fails. mttr (mean time to repair) is a measure of how long it will take to repair the equipment when it fails.