Hello list! For PCI requirement 10.2.6 (Initialization, stopping, or pausing of the audit logs) [1], I'm wondering what the best solution would be from your point of view?
The PCI requirement are detailed further in the spec: Verify the following are logged: - Initialization of audit logs - Stopping or pausing of audit logs Turning the audit logs off (or pausing them) prior to performing illicit activities is a common practice for malicious users wishing to avoid detection. Initialization of audit logs could indicate that the log function was disabled by a user to hide their actions. The PCI auditor told us, "it's enoght" if the application logs when it's started and when it's stopped. [1] https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf Thanks in advance, Christian ----------------- Software Integration Specialist Apache Member V.P. Apache Camel | Apache Camel PMC Member | Apache Camel committer Apache Incubator PMC Member
