14. Audit Logs

Network managers should ensure that their system is able to create an audit log.

An audit log will record every important event in an 'audit file. It can record things such as:

  • Who logged on to the system at what time and onto which computer
  • Which files were opened, altered, saved or deleted
  • Log events such as attempts to access proxy servers

For example an audit record may look like this:-

User: bigears233

File: TheMostImportantFile.doc

Changed: 3rd January 10:15am

(or Deleted, or Saved).

If there is ever a problem and an employee is suspected of accessing and damaging files then the audit log should be able to provide evidence of who, when and where.

If a hacker is suspected of trying to break through the firewall then the audit log can identify the ports that were used. The network manager can then block future access to those ports.


challenge see if you can find out one extra fact on this topic that we haven't already told you

Click on this link: Audit Logs