14. Audit Logs

Network managers should ensure that their system is able to create an audit log.

An audit log will record every important event in an 'audit file'. It can record things such as:

  • Who logged on to the system at what time and onto which computer
  • Which files were opened, altered, saved or deleted
  • Log events such as attempts to access proxy servers

For example, an audit record may look like this:

User: bigears233

File: TheMostImportantFile.doc

Changed: 3rd January 10:15am

(or Deleted, or Saved).

If there is ever a problem and an employee is suspected of accessing and damaging files, then the audit log should be able to provide evidence of who, when and where.
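The kind of "who, when and where" lookup described above can be done by a short program. This is an added example, not part of the original page: the sample records are constructed, and the "Computer:" field, the year used for dates and the function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample audit file; the "Computer:" field is an assumed addition.
SAMPLE_LOG = """\
User: bigears233
Computer: LAB-PC-07
File: TheMostImportantFile.doc
Changed: 3rd January 10:15am

User: noddy101
Computer: LAB-PC-02
File: Timetable.xls
Saved: 3rd January 10:40am

User: bigears233
Computer: LAB-PC-07
File: TheMostImportantFile.doc
Deleted: 3rd January 11:02am

User: noddy101
File: TheMostImportantFile.doc
"""

ACTIONS = ("Changed", "Deleted", "Saved")

def parse_time(text, year=2000):
    """Parse '3rd January 10:15am'; the record has no year, so one is assumed."""
    cleaned = re.sub(r"(\d+)(st|nd|rd|th)", r"\1", text.strip())
    return datetime.strptime(f"{cleaned} {year}", "%d %B %I:%M%p %Y")

def parse_audit_log(text):
    """Return one event per complete record; incomplete records are skipped."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {k.strip(): v.strip() for k, v in
                  (ln.split(":", 1) for ln in block.splitlines() if ":" in ln)}
        action = next((a for a in ACTIONS if a in fields), None)
        if not action or "User" not in fields or "File" not in fields:
            continue  # no user, file or action: not usable as evidence
        events.append({"user": fields["User"], "file": fields["File"],
                       "computer": fields.get("Computer", "unknown"),
                       "action": action, "when": parse_time(fields[action])})
    return events

def history(events, filename):
    """Who did what to this file, on which computer, in time order."""
    return sorted((e for e in events if e["file"] == filename),
                  key=lambda e: e["when"])
```

Calling `history(parse_audit_log(SAMPLE_LOG), "TheMostImportantFile.doc")` lists the change and then the deletion, each with the user and computer; the last sample record has no action or time, so it is left out.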

If a hacker is suspected of trying to break through the firewall, then the audit log can identify the ports that were used. The network manager can then block future access to those ports.

 

Challenge: see if you can find out one extra fact on this topic that we haven't already told you.
