Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Event Logging Overview

 

The evaluated configuration requires the auditing of configuration changes through the system log.

In addition, Junos OS can:

  • Send automated responses to audit events (syslog entry creation).

  • Allow authorized managers to examine audit logs.

  • Send audit files to external servers.

  • Allow authorized managers to return the system to a known state.

The logging for the evaluated configuration must capture the following events:

  • Starting and stopping services.

  • Changes to configuration of audit behavior.

  • Changes to thresholds for SSH re-keying.

  • Changes to secret key data in the configuration.

  • Committed changes.

  • Login/logout of users.

  • System startup.

  • Failure to establish an SSH session.

  • Establishment/termination of an SSH session.

  • Changes to the (system) time.

  • Termination of a remote session by the session locking mechanism.

  • Termination of an interactive session.

  • Changes to modification or deletion of cryptographic keys.

  • Password resets.

In addition, Juniper Networks recommends that logging also:

  • Capture all changes to the configuration.

  • Store logging information remotely.

Related Documentation