PCI DSS compliance

10.3 Audit trail fields

10.3 Auditing trail

For proper auditing trails, it needs to contain the right fields to get a full picture (why, what, when, where, how). Those include user identification, event type, date/time, status, originator and any other identifier. Regarding Linux systems, a powerful auditing tool to audit system components, is the Linux Audit framework.

10.3.1 User identification

In the audit trail a clear user identification should be listed. This may be the name of a user, or another identifier which clearly related to an account.

Additional resources