Logging Considerations
Regardless of how diligent your organization is when it comes to monitoring security, the majority of violations will be discovered after they occur. In most cases, administrators will see the evidence of violations without witnessing their occurrence. One method administrators use to review system activity is to examine the logs that systems and major software packages generate. The logs produced by these components can log everything users do on a system or network, or they can log errors or certain successful accesses, such as administrative users being granted access to systems.
Logging policies are difficult because you cannot write one statement that fits every environment. While it can be impractical to log every ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access