Auditing user activity on the system

All user and application activity on the system should be audited to implement the requirements under the PCI DSS requirement 10.

For Windows, Event Logging should be enabled for System, Application and Security. Event Logs should capture Warning, Errors, and Critical audit.

  • Click Start, click Control Panel

  • Click System and Security (in Win7 )

  • Click Administrative Tools

  • Double click on Event Viewer

  • In the left pane, click on Windows Logs then right click on Application, select Filter current log or click on Filter current log.

auditing user activity

  • Enable Warning, Error, and Critical event level in the Filter tab.

  • Repeat the same process for Security and System to view event.

For Linux, all the activities of YESEFT/conf and YESEFT/properties can be traced in /var/log/audit/audit.log file should be logged.