Audit Log Management

Introduction

Safeguard 8 - Audit Log Management

Procedures

8.1 - Establish and Maintain an Audit Log Management Process

Meet the Standard for Information Technology Logging requirements.

8.2 - Collect Audit Logs

Use the Central Log Service (CLS) provided by Virginia Tech to collect logs.

8.3 - Ensure Adequate Audit Log Storage

CLS storage capacity is not controlled by end users.

8.4 - Standardize Time Synchronization

Review the Central Log Service documentation to configure the appropriate settings.

8.5 - Collect Detailed Audit Logs

Review the Central Log Service documentation to collect detailed audit logs. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements.

8.6 - Collect DNS Query Audit Logs

Review the Central Log Service documentation to configure the appropriate settings.

8.7 - Collect URL Request Audit Logs

Review the Central Log Service documentation to configure the appropriate settings.

8.8 - Collect Command-Line Audit Logs

Review the Central Log Service documentation to configure the appropriate settings.

8.9 - Centralize Audit Logs

This is already done when you use CLS.

8.10 - Retain Audit Logs

CLS retention should be set for you and is not configurable by the user.

8.11 - Conduct Audit Log Reviews

Review your logs weekly to see if there are any anomalies.

Other

If you have questions that are not covered in these procedures, please contact the VT IT Security Office at itso@vt.edu for a consultation.