A system can maintain several different audit trails concurrently. There are typically two kinds of audit records: (1) an event-oriented log and (2) a record of every keystroke, often called keystroke monitoring.
Event-based logs usually contain records describing system events, application events, or user events.
An audit trail should include sufficient information to establish what events occurred and who (or what) caused them. In general, an event record should specify when the event occurred, the user ID associated with the event, the program or command used to initiate the event, and the result.
Date and time can help determine whether the user was a masquerader or the actual person specified.
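The following added example (not part of the original page) checks event records for the four elements listed above and uses the date and time to flag complete records logged outside a user's expected hours. The JSON field names, the sample records and the `EXPECTED_HOURS` table are constructed assumptions.

```python
import json
from datetime import datetime

# The four elements the text says an event record should specify.
REQUIRED = ("timestamp", "user_id", "command", "result")

# Constructed sample records (JSON lines); field names are assumptions.
SAMPLE_LOG = """\
{"timestamp": "2024-03-04T09:12:44", "user_id": "jdoe", "command": "/usr/bin/passwd", "result": "success"}
{"timestamp": "2024-03-04T10:02:10", "user_id": "jdoe", "command": "/usr/bin/sudo -l", "result": "denied"}
{"timestamp": "2024-03-05T03:27:51", "user_id": "jdoe", "command": "/usr/bin/passwd", "result": "success"}
{"timestamp": "2024-03-05T11:40:03", "user_id": "", "command": "/sbin/reboot"}
"""

# Hypothetical expected working hours per user (start inclusive, end exclusive).
EXPECTED_HOURS = {"jdoe": (8, 18)}


def parse(log_text):
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def missing_fields(record):
    """Return the required elements that are absent or empty in one record."""
    return [f for f in REQUIRED if not record.get(f)]


def review(records, expected_hours):
    """Split records into incomplete ones and complete ones logged off-hours."""
    incomplete, off_hours = [], []
    for n, rec in enumerate(records, start=1):
        gaps = missing_fields(rec)
        if gaps:
            # Cannot establish what happened or who caused it; report and skip.
            incomplete.append((n, gaps))
            continue
        hours = expected_hours.get(rec["user_id"])
        hour = datetime.fromisoformat(rec["timestamp"]).hour
        if hours and not (hours[0] <= hour < hours[1]):
            off_hours.append((n, rec["user_id"], rec["timestamp"]))
    return incomplete, off_hours


if __name__ == "__main__":
    incomplete, off_hours = review(parse(SAMPLE_LOG), EXPECTED_HOURS)
    print("incomplete:", incomplete)
    print("off-hours:", off_hours)
```

An off-hours entry is only a prompt for review: the timestamp narrows down whether the named user could have performed the action, it does not prove a masquerade.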