Audit Events - Fidelis Common Criteria Configuration Manual

If a system daemon fails to start for a reason other than an integrity check failure, the event is logged in /var/log/messages. Depending on the daemon and the reason for its failure, more detailed information may be found in the corresponding log in /FSS/log/.

Audit Events

The table below lists and describes the applicable audit events and administrative actions for each of the security functional requirements (SFRs) covered by Common Criteria.

Each audit event record generally contains the following fields, in this order:

1. Date.
2. Time.
3. TOE Component IP address.
4. TOE Component name (hostname).
5. Process name or audit function name (e.g. FSS audit).
6. Process ID (optional).
7. Audit event description string. This is specific to the audit event type.

See the table below for examples and details.

Table 2. SFRs and Auditable Events

| SFR | Event | Additional Information | Sample Log |
| --- | --- | --- | --- |
| FAU_GEN.1 | Start-up of audit functions | None | `Sep 8 11:38:12 10.42.212.199 localhost syslog-ng[2368]: syslog-ng starting up; version='3.7.3'`<br>`Sep 8 14:25:43 localhost FSS audit[2423]: System startup` |
| FAU_GEN.1 | Shutdown of audit functions | None | `Sep 8 11:34:59 10.42.212.199 04 localhost syslog-ng[2369]: syslog-ng shutting down; version='3.7.3'`<br>`Sep 8 14:23:17 localhost FSS audit[4273]: System shutdown` |
| FCO_CPC_EXT.1 | Enabling communications between a pair of components.<br>Disabling communications between a pair of components. | Identity and type of TOE component being registered or unregistered.<br>Identities of the TLS endpoints involved in the transaction. | `Sep 7 16:47:22 localhost FSS audit[70423]: admin registered Sensor linux90col Type: metadatav`<br>`Sep 7 16:47:22 localhost FSS audit[70437]: Sensor <linux90col> TLS SUCCESS: Local: localhost, Remote: 10.89.184.31`<br>`Sep 7 16:47:23 localhost FSS audit[70441]: Sensor <linux90col> sensor registered successfully` |
| FCS_HTTPS | Failure to establish a | Reason for | `Mar 17 10:01:51 10.42.209.241 FSS:` |

Fidelis Network Common Criteria Configuration Guide Version 9.0.3
www.fidelissecurity.com
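
The field order listed above, applied to sample lines from Table 2, as an added Python example that is not code from the Fidelis manual. The function names `parse_audit_line` and `tls_endpoints`, the decision to treat the component IP address as optional (some samples omit it), and the acceptance of TLS status words other than `SUCCESS` are assumptions of this example.

```python
import ipaddress
import re
from typing import Optional

# Field order from the manual: date, time, component IP (absent in some of the
# samples), hostname, process or audit function name, optional PID, description.
AUDIT_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2}\s+\d{1,2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?:(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+)?"
    r"(?P<host>\S+)\s+"
    r"(?P<process>[^\[\]:]+?)(?:\[(?P<pid>\d+)\])?:\s+"
    r"(?P<description>.*)$"
)
# Shape of the TLS line in the FCO_CPC_EXT.1 sample. Only "SUCCESS" appears on
# the page; accepting other status words is an assumption of this example.
TLS_RE = re.compile(r"TLS (?P<status>\w+): Local: (?P<local>\S+), Remote: (?P<remote>\S+)")

def parse_audit_line(line: str) -> Optional[dict]:
    """Split one audit line into its fields; None if it does not fit the layout."""
    m = AUDIT_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    if rec["ip"] is not None:
        try:
            ipaddress.IPv4Address(rec["ip"])  # rejects e.g. 999.1.1.1
        except ValueError:
            return None
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec

def tls_endpoints(rec: dict) -> Optional[dict]:
    """Status and TLS endpoint identities from a component registration record."""
    m = TLS_RE.search(rec["description"])
    return m.groupdict() if m else None

# Sample lines as they appear in Table 2 of this page.
SAMPLES = [
    "Sep 8 11:38:12 10.42.212.199 localhost syslog-ng[2368]: "
    "syslog-ng starting up; version='3.7.3'",
    "Sep 8 14:25:43 localhost FSS audit[2423]: System startup",
    "Sep 7 16:47:22 localhost FSS audit[70437]: Sensor <linux90col> TLS "
    "SUCCESS: Local: localhost, Remote: 10.89.184.31",
]

if __name__ == "__main__":
    for rec in map(parse_audit_line, SAMPLES):
        print(rec, tls_endpoints(rec))
```

The shutdown sample that carries an extra `04` token after the IP address still matches this pattern, but with `04` in the hostname field, so a collector should check parsed hostnames against the known component inventory before trusting the split.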
