| 1.7.2 Enable logging from inetd | CIS HP-UX 11i v1.5 | Unix | AUDIT AND ACCOUNTABILITY |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.LEVEL=INFO | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.8 Set 'login success/failure logging' | CIS Cisco IOS 16 L2 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.12 Enable Secure Logging - 'syslog cplogs' | TNS Check Point GAiA Best Practices | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 3.1 Enable security auditing | CIS Apple macOS 10.12 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags - 'audit successful/failed login/logout events' | CIS Apple macOS 10.12 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 - Connection Filtering is not configured - Filter enabled | TNS Oracle WebLogic Server 11 Windows Best Practices | Windows | AUDIT AND ACCOUNTABILITY |
| 3.6 Ensure Firewall is configured to log | CIS Apple macOS 10.13 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.630 - All uses of the passwd command must be audited. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.770 - All uses of the postqueue command must be audited. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.871 - The system must generate audit records for all creations, modifications, disabling, and termination events for /etc/group. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.874 - The system must generate audit records for all creations, modifications, disabling, and termination events for /etc/opasswd. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - '/etc/gshadow' | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 64b sethostname | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure login and logout events are collected - /var/run/faillock/ | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - b32 chmod | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - b64 xattr | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b64 setxattr/lsetxattr/fsetxattr/removexattr | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure system administrator actions (sudolog) are collected | CIS Amazon Linux v2.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 - Auditing provider should be present | TNS Oracle WebLogic Server 11 Linux Best Practices | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 - Enable configuration Audit Logs | TNS Oracle WebLogic Server 10 Linux Best Practices | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 - Auditing Severity Setting should be set | TNS Oracle WebLogic Server 10 Windows Best Practices | Windows | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler logging is enabled in default) | CIS Apache Tomcat 8 L1 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler exists in web application) | CIS Apache Tomcat 8 L1 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - logging section | CIS BIND DNS v3.0.0 Caching Only Name Server | Unix | AUDIT AND ACCOUNTABILITY |
| Audit System Activity - 'systemLog.verbosity' | TNS MongoDB 2.6 Best Practices Linux OS Audit v1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| Audit System Activity - config - 'logappend = true' | TNS MongoDB 2.4 Best Practices Linux OS Audit v1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| Brocade : 'Configures filters for a specified audit class' | TNS Brocade FabricOS Best Practices | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade : 'Enable auditcfg' | TNS Brocade FabricOS Best Practices | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade : 'Enable HTTPS ssl log' | TNS Brocade FabricOS Best Practices | Brocade | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging buffered severity ' is greater than or equal to '3' | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Fortigate - External Logging - 'syslog2' | TNS Fortigate FortiOS Best Practices | FortiGate | AUDIT AND ACCOUNTABILITY |
| Logging Directives should be restricted to authorized users. - 'LogLevel notice' | TNS IBM HTTP Server Best Practice | Unix | AUDIT AND ACCOUNTABILITY |
| MongoDB verboseQueryLogging | TNS MongoDB 2.x Best Practices Database Audit v1.0 | MongoDB | AUDIT AND ACCOUNTABILITY |
| PCI 2.2.3/2.2.3.b/2.2.3.c Verify common security parameter settings - Audit Account Management | PCI v2.0/v3.0 Windows Best Practices | Windows | AUDIT AND ACCOUNTABILITY |
| PCI 2.2.3/2.2.3.b/2.2.3.c Verify common security parameter settings - Audit Logon Events | PCI v2.0/v3.0 Windows Best Practices | Windows | AUDIT AND ACCOUNTABILITY |
| PCI 2.2.3/2.2.3.b/2.2.3.c/10.1/10.2.1/10.2.3 Verify common security parameter settings - Audit Object Access | PCI v2.0/v3.0 Windows Best Practices | Windows | AUDIT AND ACCOUNTABILITY |
| PCI 10.2.1 Monitor all individual accesses to cardholder data - 'Check if SYSLOG_FAILED_LOGINS is set to 0 in /etc/default/login' | PCI DSS 2.0/3.0 - Solaris 10 | Unix | AUDIT AND ACCOUNTABILITY |
| PCI 10.2.2 Monitor all actions taken by any individual with root or administrative privileges | PCI DSS 2.0/3.0 - Red Hat Linux | Unix | AUDIT AND ACCOUNTABILITY |
| PCI 10.2.4 - Invalid logical access attempts - '*.info;auth.none entry exists in /etc/syslog.conf' | PCI DSS 2.0/3.0 - AIX | Unix | AUDIT AND ACCOUNTABILITY |
| PCI 10.2.4 Invalid logical access attempts - 'EPERM' | PCI DSS 2.0/3.0 - Red Hat Linux | Unix | AUDIT AND ACCOUNTABILITY |
| PCI 10.3.2 - Verify type of event is included in log entries - '/etc/security/audit/config - streammode = off' | PCI DSS 2.0/3.0 - AIX | Unix | AUDIT AND ACCOUNTABILITY |
| PCI 10.5.3 Promptly back up audit trail files to a centralized log server - configure remote logging. | PCI DSS 2.0/3.0 - Solaris 10 | Unix | AUDIT AND ACCOUNTABILITY |
| ScreenOS:System Logging - Device Serial-Number | TNS Juniper ScreenOS Best Practices Audit | Juniper | AUDIT AND ACCOUNTABILITY |
| ScreenOS:System Logging - Unset Alert Webtrends | TNS Juniper ScreenOS Best Practices Audit | Juniper | AUDIT AND ACCOUNTABILITY |
| ScreenOS:System Logging - Unset Notification Email | TNS Juniper ScreenOS Best Practices Audit | Juniper | AUDIT AND ACCOUNTABILITY |
| ScreenOS:System Logging - Unset Notification USB | TNS Juniper ScreenOS Best Practices Audit | Juniper | AUDIT AND ACCOUNTABILITY |
| VM: vmtools-logging | TNS VMWare vSphere Best Practices | VMware | AUDIT AND ACCOUNTABILITY |
