Chapter 24. Auditing


LADY MACBETH: Your servants everHave theirs, themselves and what is theirs, in compt,To make their audit at your highness' pleasure,Still to return your own.

 --The Tragedy of Macbeth, I, vi, 27–30.

Auditing is an a posteriori technique for determining security violations. This chapter presents the notions of logging (recording of system events and actions) and auditing (analysis of these records). Auditing plays a major role in detection of security violations and in postmortem analysis to determine precisely what happened and how. This makes an effective auditing subsystem a key security component of any system.


The development of techniques for auditing computer systems sprang from the need to trace access to ...

Get Computer Security: Art and Science now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.