Audit Log Management
Introduction
Safeguard 8 - Audit Log Management
Procedures
8.1 - Establish and Maintain an Audit Log Management Process
Meet the Standard for Information Technology Logging requirements.
8.2 - Collect Audit Logs
Use the Central Log Service (CLS) provided by Virginia Tech to collect logs.
8.3 - Ensure Adequate Audit Log Storage
CLS storage capacity is not controlled by end users.
8.4 - Standardize Time Synchronization
Review the Central Log Service documentation to configure time synchronization appropriately.
8.5 - Collect Detailed Audit Logs
Review the Central Log Service documentation to collect detailed audit logs. Each log entry should include the event source, date, username, timestamp, source address, destination address, and other useful elements.
8.6 - Collect DNS Query Audit Logs
Review the Central Log Service documentation to configure DNS query logging appropriately.
8.7 - Collect URL Request Audit Logs
Review the Central Log Service documentation to configure URL request logging appropriately.
8.8 - Collect Command-Line Audit Logs
Review the Central Log Service documentation to configure command-line logging appropriately.
8.9 - Centralize Audit Logs
Logs are centralized automatically when you use CLS.
8.10 - Retain Audit Logs
CLS retention is set for you and is not configurable by the user.
8.11 - Conduct Audit Log Reviews
Review your logs weekly for anomalies.
Other
If you have questions that are not covered in these procedures, please contact the VT IT Security Office (itso@vt.edu) for a consultation.