Deyan
Contributor I

Audit trail VS Logging

Greetings Sexperts.... (Sec+experts) 😉

 

Wanted your 2 cents about this topic. Essentially I'd like to gain more clarity on what the difference is between an audit trail and logging in the context of an application/system. Is it the same, and is the generation of an audit trail possible without the gathering of logs? Is the difference related to the events recorded (audit trail referring to activity and logging referring to who, when, what...)? Share your thoughts, pls.

6 Replies
vds
Newcomer I

An audit trail is a specialized form of logging with a very specific goal, from NIST:

 

"Audit trails maintain a record of system activity both by system and
application processes and by user activity of systems and applications. In
conjunction with appropriate tools and procedures, audit trails can assist
in detecting security violations, performance problems, and flaws in
applications. This bulletin focuses on audit trails as a technical control
and discusses the benefits and objectives of audit trails, the types of
audit trails, and some common implementation issues."

 

https://csrc.nist.gov/csrc/media/publications/shared/documents/itl-bulletin/itlbul1997-03.txt

https://www.linkedin.com/in/vincenzo-di-somma-80b4a72/
Deyan
Contributor I

Nice read, vds - thank you for that link. It kind of confirms that an audit trail is essentially logging - I believe that gathering various types of logs using syslog, for example, could be called generating an audit trail. Essentially, an audit trail is the combination of various types of logs that systems do that provide the capability to track down an action/event to an individual - is that a correct assumption in your opinion?

vds
Newcomer I

Deyan, you are welcome. Could be, but it really depends on the specifics of your systems; it is different if we talk about an operating system or a specific application/service or an IoT device.

https://www.linkedin.com/in/vincenzo-di-somma-80b4a72/
Shannon
Community Champion

Let's use an analogy. Investigation of a burglary may require the collection of evidence from monitoring systems. All that information, once properly collected, filtered and compiled, could be seen as the audit trail.

 

But to make this possible, the monitoring systems have to be properly set up / configured in advance to pick up specific information, and properly retain it. Utilization of the monitoring systems to track specific activities could be seen as logging.

 

Audit trails depend on logging...

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
jayaprakash_m
Viewer II

So essentially, logging is a source for the audit trail, and its effectiveness depends on logging solutions.

 

Audit trail is often a hot topic when it comes to correlating incidents based on the logs, and it is being used in digital forensics as well.

JP
Deyan
Contributor I

Thank you so much guys - really have more confidence talking about that now.