[prev in list] [next in list] [prev in thread] [next in thread] 

List:       loganalysis
Subject:    Re: [logs] Auditing vs. logging
From:       Sweth Chandramouli <loganalysis () astaroth ! sweth ! net>
Date:       2003-07-30 22:08:14
[Download RAW message or body]

On Wednesday, 30 July 2003 at 16:48:57 EDT,
   Tina Bird (Tina Bird <tbird@precision-guesswork.com>) wrote:
> Anyone want to take a stab at definitions of auditing and logging, and
> most in particular, how they differ?

Logging is the act of recording operational information; auditing is
the act of reviewing that information to ensure consistency and
correctness.  Contrast auditing with analysis, which is reviewing log
information in order to interpret them rather than verify them.

People sometimes speak of "turning on auditing", but what they really mean
is "turning on audit logging", that is to say logging whose eventual intent
is auditing.  Audit logs can be used for analytical purposes, too, but I
would argue that logs those aren't really audit logs, and wouldn't be called
that were it not for the fact that much of the really granular logs are
generated by subsystems that were originally designed to meet gov't/military
requirements for auditability of compliance with infosec regulations, and
were thus given names like audit_startup (in Trusted Solaris).

> References also greatly appreciated -- thanks -- tbird

How about Merriam-Webster:

audit [noun] 2 : a methodical examination and review

log [noun] 4 : a record of performance, events, or day-to-day activities

-- Sweth.

-- 
Sweth Chandramouli      Idiopathic Systems Consulting
svc@idiopathic.net      http://www.idiopathic.net/
_______________________________________________
LogAnalysis mailing list
LogAnalysis@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/loganalysis
[prev in list] [next in list] [prev in thread] [next in thread]