1

I am using mod_security

What is the difference between an audit log (audit trail) and a normal log?

I read on Wikipedia that an audit log is a log of user activity. If this is the case, what would you need another log for? Is it for system-based issues?

Joshua Enfield

2 Answers

4

An audit log contains all the information necessary to follow a user's interaction with a system. It will usually contain more information and detail than what is necessary to have in day-to-day operations.

You can think of it in terms of a phone system. You can record every call that passes through the phone system to be able to go back in time and prove exactly what a person said, but it wouldn't be feasible to use a log containing all of that information for taking care of phone system operations.

An audit log usually contains more sensitive information than other system logs so access to it should be more restricted.

Martin M
  • Can you tell us the difference between system logs and audit logs, and how the `syslog` specific tool fits in? – travelingbones Nov 15 '17 at 17:11
  • This may help provide some context on the different log types: https://help.sap.com/saphelp_nwes72/helpdata/en/b6/d6af7f6bc011d1a56c0000e835363f/content.htm?no_cache=true – tlbignerd Jul 30 '20 at 18:06
0

Syslog and the audit subsystem have different purposes - syslog is a general logging daemon available for any application or the system to use for any reason. The audit daemon's job is to track specific activities or events to determine who did what and when.
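
The contrast the answers describe, shown for the mod_security case from the question as an added example (not part of either answer and not ModSecurity's own code): it splits one serial-format audit log entry into its lettered sections, reconstructs who did what and when, and flags which sections carry credentials, next to the one-line error log message for the same event. The log entry, error log line, rule id, host name and function names are constructed or hypothetical.

```python
import re

# Constructed sample: one ModSecurity 2.x serial-format audit entry (not real data).
AUDIT_ENTRY = """\
--3f1c9a7e-A--
[01/Jan/2024:12:00:00 +0000] ConstructedUniqueId0001 203.0.113.7 51234 192.0.2.10 443
--3f1c9a7e-B--
POST /login HTTP/1.1
Host: shop.example
Cookie: session=constructed-session-token
--3f1c9a7e-C--
user=alice&password=constructed-password
--3f1c9a7e-F--
HTTP/1.1 403 Forbidden
--3f1c9a7e-H--
Message: Access denied with code 403 (phase 2). [id "900001"]
--3f1c9a7e-Z--
"""
# Constructed operational (error log) line for the same event.
ERROR_LOG_LINE = ('[error] [client 203.0.113.7] ModSecurity: Access denied '
                  'with code 403 (phase 2). [id "900001"] [uri "/login"]')

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
SENSITIVE = re.compile(r"(?im)^(cookie|authorization):|password=")

def parse_audit_entry(text):
    """Split one serial-format entry into {section letter: body text}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            current = m.group(2)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return {k: "\n".join(v).strip() for k, v in sections.items()}

def sensitive_sections(sections):
    """Section letters whose body holds credentials or session data."""
    return sorted(k for k, body in sections.items() if SENSITIVE.search(body))

def who_did_what(sections):
    """Rebuild the who/what/when from section A (header) and B (request)."""
    ts, rest = sections["A"].split("] ", 1)
    unique_id, client = rest.split()[:2]
    return {"when": ts.lstrip("["), "unique_id": unique_id,
            "client": client, "request": sections["B"].splitlines()[0]}

if __name__ == "__main__":
    s = parse_audit_entry(AUDIT_ENTRY)
    print(who_did_what(s), sensitive_sections(s), bool(SENSITIVE.search(ERROR_LOG_LINE)))
```

The audit entry exposes the session cookie and the submitted password while the error log line does not, which is why the audit log file needs tighter read permissions than the operational log.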