[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MUST vs. SHOULD audit
ho@earth.hpc.org (Hilarie Orman) writes:
>> > Some sites will want to know about every conceivable event.
>> > Some sites will run high-profile services which will get probed so
>> > often that logging such probes would be a waste of cheap disk space.
>>
>> I'm not familiar with state-of-the-art in audit, but I'd assumed that all
>> auditing systems allowed administrator control over such things.
I assume most would, too. But what does "MUST log" mean? Must end up
in the audit log? Must be given to the audit system as input? I
think this is outside the scope of the IPsec protocol document, and
should be discussed in a different document.
Marc
References: