http://www.linuxquestions.org/questions/blog/wasim_jd-623573/ LinuxQuestions.org offers a free Linux forum where Linux newbies can ask questions and Linux experts can offer advice. Topics include security, installation, networking and much more. en Sun, 26 May 2013 01:13:06 GMT vBulletin 60 https://lqo-thequestionsnetw.netdna-ssl.com/questions/images/misc/rss.jpg http://www.linuxquestions.org/questions/blog/wasim_jd-623573/ http://www.linuxquestions.org/questions/blog/wasim_jd-623573/log-management-34558/ Wed, 07 Mar 2012 13:37:49 GMT May I request to assist me in knowing whether all these are recorded in logs and if yes where the logs are located??? What Activity was performed ?... May I request to assist me in knowing whether all these are recorded in logs and if yes where the logs are located???
What Activity was performed ? (eg: login of user or enable/ disable network port etc)
What were tool(s) activity was performed with ? (eg. Administrator tool, Windows tools, rlogin, Gzip etc)
What is the status of the activity (Success or Failure), outcome or result of activity ?
Who performed the activity, including where or what system the activity was performed? (eg root, admin or application system)
Why was the activity performed?
When was the Activity performed?
"Create, read, update, or delete confidential information, including
confidential authentication information such as passwords;"
Create, update, or delete information not covered in #7;
Initiate a network connection;
Accept a network connection;
User authentication and authorization for activities covered in #7 or #8 such as user login and logout;
Grant, modify, or revoke access rights, including adding a new user or group, changing user privilege levels, changing file permissions, changing database object permissions, changing firewall rules, and user password changes;
System, network, or services configuration changes, including installation of software patches and updates, or other installed software changes;
Application process startup, shutdown, or restart;
"Application process abort, failure, or abnormal end, especially due to resource
exhaustion or reaching a resource limit or threshold (such as for CPU, memory,
network connections, network bandwidth, disk space, or hardware fault; and"
Detection of Suspicious/ malicious activity from the IPS or IDS
Detection of Suspicious/malicious activity from the Antivirus or Antispyware system.
" Type of action – examples include authorize, create, read, update, delete, and
accept network connection."
" Subsystem performing the action – examples include process or transaction
name, process or transaction identifier."
"Identifiers (as many as available) for the subject requesting the action – examples
include user name, computer name, IP address, and MAC address."
" Identifiers (as many as available) for the object the action was performed on
– examples include file names accessed, unique identifiers of records accessed in a database, query parameters used to determine records accessed in a database, computer name,"
Before and after values when action involves updating a data element, if feasible
Date and time the action was performed, including relevant time-zone
Whether the action was allowed or denied by access-control mechanisms.
Description and/or reason-codes of why the action was denied by the access-control mechanism, if applicable


Thanks a lot..... ]]> wasim_jd http://www.linuxquestions.org/questions/blog/wasim_jd-623573/log-management-34558/