topic Audit log access and initialization for PCI DSS in Monitoring Splunk https://community.splunk.com/t5/Monitoring-Splunk/Audit-log-access-and-initialization-for-PCI-DSS/m-p/56541#M611 <P>Hi, </P> <P>Does splunk log all audit information relating to requirement 10.2 in PCI DSS (Successful and Failed access to splunk, initialization of logs etc.. )</P> <P>Our auditor wants to see all this and I'm sure splunk does monitor this but cant find it. </P> <P>Thanks, <BR /> Fraser</P> Thu, 11 Aug 2011 12:09:35 GMT fraserhardy 2011-08-11T12:09:35Z Audit log access and initialization for PCI DSS https://community.splunk.com/t5/Monitoring-Splunk/Audit-log-access-and-initialization-for-PCI-DSS/m-p/56541#M611 <P>Hi, </P> <P>Does splunk log all audit information relating to requirement 10.2 in PCI DSS (Successful and Failed access to splunk, initialization of logs etc.. )</P> <P>Our auditor wants to see all this and I'm sure splunk does monitor this but cant find it. </P> <P>Thanks, <BR /> Fraser</P> Thu, 11 Aug 2011 12:09:35 GMT https://community.splunk.com/t5/Monitoring-Splunk/Audit-log-access-and-initialization-for-PCI-DSS/m-p/56541#M611 fraserhardy 2011-08-11T12:09:35Z Re: Audit log access and initialization for PCI DSS https://community.splunk.com/t5/Monitoring-Splunk/Audit-log-access-and-initialization-for-PCI-DSS/m-p/56542#M612 <P>index=_audit will give you most of the information and here 2 examples:</P> <P>splunk failed access:</P> <PRE><CODE>index=_audit "action=login attempt" NOT "action=search" "info=failed" </CODE></PRE> <P>splunk successful access:</P> <PRE><CODE>index=_audit "action=login attempt" NOT "action=search" "info=succeeded" </CODE></PRE> Thu, 11 Aug 2011 16:10:01 GMT https://community.splunk.com/t5/Monitoring-Splunk/Audit-log-access-and-initialization-for-PCI-DSS/m-p/56542#M612 MarioM 2011-08-11T16:10:01Z