
Re: MUST vs. SHOULD audit



ho@earth.hpc.org (Hilarie Orman) writes:

>> >  Some sites will want to know about every conceivable event.
>> >  Some sites will run high-profile services which will get probed so
>> >  often that logging such probes would be a waste of cheap disk space.
>> 
>> I'm not familiar with state-of-the-art in audit, but I'd assumed that all
>> auditing systems allowed administrator control over such things.

I assume most would, too.  But what does "MUST log" mean?  Must end up
in the audit log?  Must be given to the audit system as input?  I
think this is outside the scope of the IPsec protocol document, and
should be discussed in a different document.

		Marc

