Logs
To ensure accountability, logs are a must. They are kept to serve as a deterrent to abuse, and they are also essential for investigating incidents after the fact. Logs are typically created both by the operating system and by other programs and applications such as web servers and mail servers. The following are sample events that should be logged: attempts to log in, whether failed or successful, and attempts to access files and drives. Logs should include the time and date of activities for tracking purposes, the user ID, the commands and arguments executed, and the ID of the local terminal or remote computer initiating the connection. Logs should be written to another computer whenever possible for integrity reasons. Logs often contain basic and sensitive information such as dates and times of user access.
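As an added example (not part of the original post), the following Python code checks audit records for the fields listed above and reports which records fall short. The key=value layout, the key names (ts, user, event, cmd, tty, rhost) and the sample records are assumptions constructed for the illustration.

```python
import shlex
from datetime import datetime

# Fields the paragraph above says every record should carry.
# The key names are assumptions made for this example.
REQUIRED = ("ts", "user", "event", "cmd")
ORIGIN = ("tty", "rhost")  # local terminal OR remote computer

def parse_record(line):
    """Split a key=value audit line into a dict; quoted values may contain spaces."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def missing_fields(line):
    """Return the names of required fields that are absent, empty or malformed."""
    rec = parse_record(line)
    problems = [k for k in REQUIRED if not rec.get(k)]
    if not any(rec.get(k) for k in ORIGIN):
        problems.append("tty|rhost")
    if rec.get("ts"):
        try:
            datetime.fromisoformat(rec["ts"])  # date and time must be parseable
        except ValueError:
            problems.append("ts(unparseable)")
    return problems

def audit(lines):
    """Map 1-based line number -> problems, for records that fall short."""
    checked = ((n, missing_fields(l)) for n, l in enumerate(lines, 1))
    return {n: p for n, p in checked if p}

# Constructed sample records (not taken from any real system).
SAMPLE = [
    'ts=2008-03-10T09:15:02 user=alice event=login_success cmd="sshd" rhost=192.0.2.10',
    'ts=2008-03-10T09:15:40 user=bob event=login_failure cmd="login" tty=tty1',
    'user=carol event=file_access cmd="cat /etc/shadow" tty=pts/3',
    'ts=10/03/2008 user=dave event=file_access cmd="ls /mnt/backup"',
]

if __name__ == "__main__":
    for n, problems in audit(SAMPLE).items():
        print(f"line {n}: missing or invalid -> {', '.join(problems)}")
```

Running a check like this on the receiving log host rather than on the machine that produced the records keeps the result independent of the system being audited.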
Posted: March 10th, 2008 under General.
