A customer of ours is asking for the option to create logging from who is looking in the log files that are created in the NME console. Due to security requirements they want to be able to create and see logfiles to monitor who is looking at the NME created log. This is to control that no other users then de designated NME Admins are going trough the logs so that possible access of unauthorized users can be monitored and determined.
The spec's are noted below:
Access to logs is in itself logged. These logs are stored separately and permissions to these logs are least privilege and separated.
Technical specification:
At a minimum the following information is logged:
- What user accessed a log
- When was the log accessed
- From what device (MAC) was the log accessed
- What IP was the log accessed from
Users with privileged access to logs cannot have privileged access to the logs of log access. Privileged access is editing, creating and deleting of the logs. Reading the logs is not considered privileged access, but should adhere to least privilege principles regardless.
Logging of log access retention is 6 months.
Comments (0 comments)