Chapter 21. Auditing


LADY MACBETH: Your servants ever Have theirs, themselves and what is theirs, in compt, To make their audit at your highness' pleasure, Still to return your own.

 --The Tragedy of Macbeth, I, vi, 27–30.

Auditing is an a posteriori technique for determining security violations. This chapter presents the notions of logging (recording of system events and actions) and auditing (analysis of these records). Auditing plays a major role in detection of security violations and in postmortem analysis to determine precisely what happened and how. This makes an effective auditing subsystem a key security component of any system.


The development of techniques for auditing computer systems sprang from the need to trace access ...

Get Introduction to Computer Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.