Audit Log Check [CHK-1001]
This operational check determines whether new audit log entries have been received in the last 24 hours.
Rationale
Audit logs are crucial for detecting and investigating suspicious behavior. If no new entries are received, it may indicate a problem with the audit logging functionality.
Fix
An automated fix is available through Attic.
Manual steps:
1. Validate the outcome of CHK-1002. If the status is Okay, proceed to step 2.
2. Open a ticket for consultation. We will investigate if there are other issues and coordinate appropriate follow-up actions.
Impact
Correcting this issue ensures that audit logs are being received, maintaining the ability to detect and investigate suspicious behavior.
More Information
For more details on enabling audit logging, refer to CHK-1002.