Configuring Common Criteria Event Logging

A secure Junos environment requires the auditing of configuration changes through syslog. RADIUS/TACACS+can also be used.

In addition, the Junos software can:

• Send automated responses to audit events (syslog entry creation).
• Allow authorized managers to examine audit logs.
• Send audit files to external servers.
• Allow authorized managers to return the system to a known state.

The logging for Common Criteria must capture the following events:

• Changes to secret data in the configuration.
• Committed changes.
• Login/logout of users.
• System startup and shutdown.

In addition, we recommend that logging also:

• Capture all changes to the configuration.
• Store logging information remotely.

This chapter provides the following information about Junos software for Common Criteria event logging:

• Configuring Event Logging to a Local File
• Configuring Event Logging to a Remote Server
• Configuring NTP
• Logging Configuration Changes to Secrets
• Login and Logout Events Using SSH
• Logging of Audit Startup and Shutdown