Event Logging Overview
The evaluated configuration requires the auditing of configuration changes through the system log.
In addition, Junos OS can:
Send automated responses to audit events (syslog entry creation).
Allow authorized managers to examine audit logs.
Send audit files to external servers.
Allow authorized managers to return the system to a known state.
The logging for the evaluated configuration must capture the following events:
Starting and stopping services.
Changes to configuration of audit behavior.
Changes to thresholds for SSH re-keying.
Changes to secret key data in the configuration.
Login/logout of users.
Failure to establish an SSH session.
Establishment/termination of an SSH session.
Changes to the (system) time.
Termination of a remote session by the session locking mechanism.
Termination of an interactive session.
Modification or deletion of cryptographic keys.
In addition, Juniper Networks recommends that logging also:
Capture all changes to the configuration.
Store logging information remotely.
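The following is an added example, not part of the original Juniper text: a minimal Junos OS syslog configuration sketch covering the local audit file, the recommended capture of all configuration changes, and remote storage. The file name Audit_file and the server address 192.0.2.10 (a documentation-range address) are assumed placeholders, and the mapping of each listed event to a facility is an assumption to verify on the target release.

```junos
# Added example. "Audit_file" and 192.0.2.10 are assumed placeholders.

# Local audit file.
# authorization: authentication and authorization attempts
# (user login/logout, SSH session events).
set system syslog file Audit_file authorization info
# change-log: changes to the configuration.
set system syslog file Audit_file change-log info
# interactive-commands: commands entered at the CLI.
set system syslog file Audit_file interactive-commands info
# daemon: messages from system processes (assumed here to cover
# services starting and stopping).
set system syslog file Audit_file daemon info

# Remote storage: send the same facilities to an external server.
set system syslog host 192.0.2.10 authorization info
set system syslog host 192.0.2.10 change-log info
set system syslog host 192.0.2.10 interactive-commands info
set system syslog host 192.0.2.10 daemon info
```

After the configuration is committed, an authorized manager can examine the local audit log with `show log Audit_file`.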