You have the ability to enable auditing to record events of various types on
the system. However, recording the events but not analyzing the audit trail
thoroughly and checking the logs infrequently does little to keep your
system secure. You need to learn what to look for and track various events,
different users, and at different times to be able to detect security
problems. By not varying the pattern of event logging, your actions can
become predicatable making it easier to schedule break-in attempts.
Auditing logs must be archived everyday. By not being attentive to the
logs, their sizes, maintaining backups for some period of time, you risk
losing the comprehensive tracking of system events and potential threats.
Printable version
