Ensure log format includes critical fields


A security log should include authentication and authorization events, service configuration changes, object reads and writes, all user and group permission changes, elevation of role to admin, consistent time-stamping for each event, source users, IP addresses, and/or hostnames for all logged actions.

Stack layer

Security domain

Security tool initiated by this item



Manual input

Did this page help you?