Configuring Audit Log Options in the Evaluated Configuration
Configuring Audit Log Options
To configure audit log options:
- Specify the number of files to be archived in the system logging facility.
  [edit system syslog]
  root@host# set archive files 2
- Specify the file in which to log data.
  [edit system syslog]
  root@host# set file syslog any any
- Specify the size of files to be archived.
  [edit system syslog]
  root@host# set file syslog archive size 10000000
- Log system messages in a structured format.
  [edit system syslog]
  root@host# set file syslog structured-data
- Configure security log events in the audit log buffer.
  [edit]
  root@host# set security log cache
- Specify how to process and export security logs.
  [edit]
  root@host# set security log mode event
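To confirm that a device still carries these settings, the following added example (not Juniper code and not part of the original page) audits text saved from `show configuration | display set`. It assumes each statement appears as the page's `[edit ...]` level joined with its `set` command, and that `deactivate` lines mark inactive statements; the `DRIFTED` sample is constructed.

```python
# Added example (not Juniper code): audit saved `display set` output for the
# audit-log statements configured on this page.

# (hierarchy, keyword, expected value); None means a bare flag such as "cache".
REQUIRED = [
    ("system syslog archive", "files", "2"),
    ("system syslog file syslog", "any", "any"),
    ("system syslog file syslog archive", "size", "10000000"),
    ("system syslog file syslog", "structured-data", None),
    ("security log", "cache", None),
    ("security log", "mode", "event"),
]

def audit(config_text):
    """Return {statement: finding} for each required statement not in effect."""
    active, inactive = [], []
    for line in config_text.splitlines():
        verb, *words = line.split() or [""]
        if verb == "set":
            active.append(words)
        elif verb == "deactivate":
            inactive.append(words)
    findings = {}
    for base, key, expected in REQUIRED:
        path = base.split() + [key]
        found = None  # None = absent, True = flag present, str = configured value
        for words in active:
            rest = words[len(path) - 1:]
            if words[:len(path) - 1] == path[:-1] and key in rest:
                nxt = rest[rest.index(key) + 1:]
                found = nxt[0] if expected is not None and nxt else True
        name = " ".join(path)
        if any(d and path[:len(d)] == d for d in inactive):
            findings[name] = "inactive"  # a deactivated parent disables the statement
        elif found is None:
            findings[name] = "missing"
        elif expected is not None and found != expected:
            findings[name] = f"expected {expected}, found {found}"
    return findings

# Constructed sample: wrong archive count, no cache, wrong mode, log file deactivated.
DRIFTED = """\
set system syslog archive files 10
set system syslog file syslog any any
set system syslog file syslog archive size 10000000
set system syslog file syslog structured-data
set security log mode stream
deactivate system syslog file syslog
"""
```

An empty result from `audit()` means all six statements are present, active, and set to the values shown above.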
Note: The TOE attaches a time stamp to each audit log entry. The time stamp is read from the clock maintained by the TOE software. The clock may be set by the administrator or through the NTP protocol. Configuration of NTP is detailed in Sect. 4.
To set the clock, the administrator uses the set date command. Log in as security-officer and modify the time stamp, for example, to set the time to Monday, January 1 at 01:01:01 PST 2029:
security-officer@fips-mx-b:fips> set date 202901010101.01
Mon Jan 1 01:01:01 PST 2029