Has anyone had to collect log data for PCI? I have to collect the following information but have no clue what logs contain what information. Any help to lead me to what logs to pull from would be awesome!!!!
- OSX Clients are configured to send the following type of messages:
All actions taken by any individual with root or administrative privileges.
Invalid logical access attempts.
Use of and changes to identification and authentication mechanisms, including.
All elevation of privileges.
All changes, additions, or deletions to any account with root or administrative privileges.
Initialization of audit logs.
Stopping or pausing of audit logs.
** Creation and deletion of system level objects.
- OSX client messages are configured to contain the following fields/attributes:
User identification
Type of event
Date and time
Success or failure indication
** Origination of event
Thank you,
Shawn G
