Hello Matt!

Thanks for looking into it. We aren't looking for policy file configuration. Also, changes to our log4j configuration are monitored and audited by other security features (somebody could disable the logging, do some illegal stuff and enable the logging again). We "only" have to write start/stop messages to show that the application is running and able to log events.

Best,
Christian
-----------------

Software Integration Specialist

Apache Member
V.P. Apache Camel | Apache Camel PMC Member | Apache Camel committer
Apache Incubator PMC Member

On Mon, Sep 8, 2014 at 5:22 PM, Christian Müller <[email protected]> wrote:

> Hello list!
>
> For PCI requirement 10.2.6 (Initialization, stopping, or pausing of the
> audit logs) [1], I'm wondering what the best solution would be from your
> point of view?
>
> The PCI requirements are detailed further in the spec:
> Verify the following are logged:
> - Initialization of audit logs
> - Stopping or pausing of audit logs
>
> Turning the audit logs off (or pausing them) prior to performing illicit
> activities is a common practice for malicious users wishing to avoid
> detection. Initialization of audit logs could indicate that the log
> function was disabled by a user to hide their actions.
>
> The PCI auditor told us, "it's enough" if the application logs when it's
> started and when it's stopped.
>
> [1] https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
>
> Thanks in advance,
> Christian
> -----------------
>
> Software Integration Specialist
>
> Apache Member
> V.P. Apache Camel | Apache Camel PMC Member | Apache Camel committer
> Apache Incubator PMC Member
