===== Logging =====

=== What to log? ===

We already know that most things happening on the system are subject to audit with RSBAC. However, the logging facility is only a tool, and like every tool, its usefulness only shows if you know how to use it. The auditing you need can be divided into different categories:

  * Standard everyday logging: the RSBAC defaults are pretty good, they log anything that has been denied.
  * Sensitive applications, files or user accesses: if something in the system is especially exposed, it might be a good idea to log additional related events and watch them more closely.
  * Suspicious activity: this is more of a day-to-day thing. When you have a doubt, just log it for a while, but do not forget to stop logging afterwards.
  * Regular checks: it is good practice to audit users, directory paths or applications for a day, chosen at random every month, and to compare the result with the previous month. This may help you spot suspicious activity.
  * Application debugging or RSBAC rule making: additional logging for one program might help you understand what this program is doing without having access to the source code (or if you do not understand it).

=== Set up logging ===

Start one of the ''rsbac_menu'' tools to get an easy interface to the logging menus.

  # rsbac_menu
  # rsbac_user_menu
  # rsbac_fd_menu

  * ''rsbac_menu'' sets up the general logging for the whole system
  * ''rsbac_user_menu'' sets up the logging rules per user
  * ''rsbac_fd_menu'' sets up the logging per program

//Note: See [[:documentation:rsbac_handbook:architecture_implementation:framework_components:logging_facility|3. Architecture and Implementation >> III. Framework Components >> e. Logging Facility]] for more information about log arrays and how to set up logging.//
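
The month-to-month comparison suggested under "Regular checks" can be scripted. The following is an added example, not part of the RSBAC handbook or tools: it counts denied requests per program, user, request and target type in two log samples and reports combinations that are new or have at least doubled. The log line layout matched by the regex and the sample lines are assumptions constructed for illustration; adjust the pattern to what your kernel actually writes.

```python
import re
from collections import Counter

# Assumed line layout (not taken from the handbook page); adapt to your logs.
LINE = re.compile(
    r"request (?P<request>\w+), .*?prog_name (?P<prog>[^,]+), .*?"
    r"uid (?P<uid>\d+), .*?target_type (?P<ttype>\w+), .*?"
    r"result (?P<result>\w+)"
)

def denials(lines):
    """Count denied requests per (program, uid, request, target type)."""
    counts = Counter()
    for line in lines:
        m = LINE.search(line)
        if m and m["result"] == "NOT_GRANTED":
            counts[(m["prog"], int(m["uid"]), m["request"], m["ttype"])] += 1
    return counts

def compare(previous, current, factor=2.0):
    """Return (new, increased) denial keys relative to the previous period."""
    prev, cur = denials(previous), denials(current)
    new = sorted(k for k in cur if k not in prev)
    increased = sorted(k for k in cur
                       if k in prev and cur[k] >= factor * prev[k])
    return new, increased

# Constructed sample lines for two audit days (hypothetical programs and uids).
FMT = ("rsbac_adf_request(): request {req}, pid 812, ppid 1, prog_name {prog}, "
       "uid {uid}, target_type FILE, tid {path}, attr none, value none, "
       "result {res} by FF")
PREVIOUS = [
    FMT.format(req="READ_OPEN", prog="backup", uid=34,
               path="/etc/shadow", res="NOT_GRANTED"),
    FMT.format(req="READ_OPEN", prog="httpd", uid=33,
               path="/var/www/index.html", res="GRANTED"),
]
CURRENT = [
    FMT.format(req="READ_OPEN", prog="backup", uid=34,
               path="/etc/shadow", res="NOT_GRANTED"),
] * 3 + [
    FMT.format(req="WRITE_OPEN", prog="httpd", uid=33,
               path="/etc/passwd", res="NOT_GRANTED"),
]

if __name__ == "__main__":
    new, increased = compare(PREVIOUS, CURRENT)
    print("new denials:", new)
    print("increased denials:", increased)
```
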