Event Logging Overview
The evaluated configuration requires the auditing of configuration changes through the system log.
In addition, Junos OS can:
-
Send automated responses to audit events (syslog entry creation).
-
Allow authorized managers to examine audit logs.
-
Send audit files to external servers.
-
Allow authorized managers to return the system to a known state.
The logging for the evaluated configuration must capture the following events:
-
Changes to secret key data in the configuration.
-
Committed changes.
-
Login/logout of users.
-
System startup.
-
Failure to establish an SSH session.
-
Establishment/termination of an SSH session.
-
Changes to the (system) time.
-
Termination of a remote session by the session locking mechanism.
-
Termination of an interactive session.
In addition, Juniper Networks recommends that logging also:
-
Capture all changes to the configuration.
-
Store logging information remotely.