Expert Advice Community

Record keeping

Created:   Jul 29, 2020 Last commented:   Jul 29, 2020

I have a question: Do I really have to record every finger swipe in logs and keep them somewhere? I mean at some point I really have to work and I try not to set up a document monster here.

You could help me by giving a recommendation on how to simplify this or what the minimum retention requirements are to get the certification.

Expert
Rhand Leal Jul 29, 2020

1 - Do I really have to record every finger swipe in logs and keep them somewhere? I mean at some point I really have to work and I try not to set up a document monster here.

Answer: Unless you have legal requirements (e.g., laws, regulations, or contracts) demanding that you record every finger swipe in logs and keep them, you only need to record and keep the logs you understand are sufficient to provide confidence to management, customers and other interested parties that you can protect information properly.

2 - You could help me by giving a recommendation on how to simplify this or what the minimum retention requirements are to get the certification.

Answer: First, it is important to note that ISO 27001 does not prescribe minimum log retention requirements.

Considering that, you can make your work simpler by only logging finger swipes from the most critical systems and from the users that can perform critical activities, and by adopting additional controls that can replace the need to keep logs for a long time (e.g., performing regular reviews).

These articles will provide you with further explanation about logging:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
- 5 ways to avoid overhead with ISO 27001 (and keep the costs down) https://advisera.com/27001academy/blog/2012/06/19/5-ways-to-avoid-overhead-with-iso-27001-and-keep-the-costs-down/

This material will also help you regarding logging:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
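The scoping approach described in the answer (keep full records only for critical systems and privileged users, reduce the rest to something a regular review can work from, and apply a locally chosen retention period), as an added example that is not part of the original answer. The event format, the system and user names, and the rule that denied swipes are always kept are assumptions made for the example.

```python
from collections import Counter
from datetime import date, timedelta

# Constructed sample events from a biometric (finger-swipe) reader, not real
# data: (timestamp, user, system, result).
SAMPLE_EVENTS = [
    ("2020-07-29T08:01:00", "alice", "server-room-door", "granted"),
    ("2020-07-29T08:02:10", "bob", "lobby-door", "granted"),
    ("2020-07-29T08:05:30", "carol", "lobby-door", "granted"),
    ("2020-07-29T09:12:00", "mallory", "server-room-door", "denied"),
    ("2020-07-29T17:45:00", "bob", "lobby-door", "granted"),
    ("2020-07-30T08:00:00", "carol", "lobby-door", "denied"),
]

# Assumed scope decisions (hypothetical names): which systems are critical and
# which users can perform critical activities.
CRITICAL_SYSTEMS = {"server-room-door"}
PRIVILEGED_USERS = {"alice"}

def triage(events, critical_systems=CRITICAL_SYSTEMS,
           privileged_users=PRIVILEGED_USERS):
    """Keep full records only for in-scope swipes; summarise the rest.

    Full records: swipes at a critical system, swipes by a privileged user
    and (an added assumption) denied swipes anywhere, since denials are what
    a periodic review looks for. Everything else becomes a per-day,
    per-system count, which is enough to support a regular review.
    """
    retained, summary = [], Counter()
    for ts, user, system, result in events:
        if (system in critical_systems or user in privileged_users
                or result != "granted"):
            retained.append((ts, user, system, result))
        else:
            summary[(ts[:10], system)] += 1
    return retained, dict(summary)

def purge_date(ts, days):
    """Earliest date a record may be deleted under a retention period given in
    days; the period is a local decision, ISO 27001 sets no minimum."""
    return date.fromisoformat(ts[:10]) + timedelta(days=days)

if __name__ == "__main__":
    full, counts = triage(SAMPLE_EVENTS)
    for rec in full:
        print("full record, keep until", purge_date(rec[0], 365), rec)
    for (day, system), n in sorted(counts.items()):
        print("summary, keep until", purge_date(day, 90), day, system, n)
```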
