Home SecurityTable of items saved in audit log

Table of items saved in audit log

Stored action

Operation

Audit ID

Result

User authentication and identification

1

Execute CE authentication

CE ID

OK/NG

5

Change or register the CE password

CE ID

OK

2

Execute administrator authentication

Administrator ID

OK/NG

6

Change or register the administrator password

CE ID or administrator ID

OK

11

Execute user authentication

User ID *1 or unregistered ID *2

OK/NG

User modification

7

Create user by administrator

User ID

OK

8

Change/Register user password by administrator

User ID

OK

9

Delete user by administrator

User ID

OK

10

Change user attribute by administrator

User ID

OK

12

Change the user attributes according to the user (change the user password, etc.)

User ID

OK

Use of management functions and change of security setting

3

Set/Change Enhanced Security mode

Administrator ID

OK/NG

19

Change HDD lock password

Administrator ID

OK

41

Change the password rules setting

Administrator ID

OK

42

Change the network setting

Administrator ID

OK

43

Change the service login allow setting

Administrator ID

OK

Usage of management functions and security audit

4

Audit log output (Manual and automatic modes)

Administrator ID

OK/err No

44

Change the audit log transmission address setting

Administrator ID

OK

Use of management functions and encryption support

45

Start the HDD encryption function

Unregistered ID

OK

46

Change the HDD encryption setting

Administrator ID

OK

47

Change the HDD encryption password

Administrator ID

OK

Usage of management functions and protection of security function operating environment

49

Execute ISW

CE ID or administrator ID

OK/NG

50

Firmware diagnosis

Administrator ID or unregistered ID

OK/NG

51

Device diagnosis

Administrator ID or unregistered ID

OK/NG

Time change (Use of management functions and protection of security function operating environment)

20

Date/time setting

User ID

OK

Start and exit of audit function

52

Power-on (Start of audit function)

Unregistered ID

OK

53

Power-off (Exit of audit function) * Sub power

Unregistered ID

OK

54

Power-off (Exit of audit function) * Main power

Unregistered ID

OK

End of job and operation

16

Delete store job

User ID

OK

21

Print copy job

User ID or unregistered ID

OK/NG

22

Store copy job

User ID or unregistered ID

OK/NG

23

Print print job

User ID or unregistered ID

OK/NG

24

Store print job

User ID or unregistered ID

OK/NG

25

Execute scan job

User ID or unregistered ID

OK/NG

26

Print store job

User ID or unregistered ID

OK/NG

27

Change or restore store job (move or copy)

User ID or unregistered ID

OK/NG

28

Recall store job

User ID or unregistered ID

OK/NG

29

Output store job file

User ID or unregistered ID

OK/NG

**1: Audit log ID is saved as user ID when user authentication is successfully made, or when password inconformity occurs with a registered user name.

**2: Audit log ID is saved as unregistered user ID when authentication failure occurs with an unregistered user name.

The purpose of analyzing the audit log is to understand the following and implement countermeasures:

  • Whether or not data was accessed or tampered with

  • Subject of attack

  • Details of attack

  • Result of attack

For specific analysis methods, refer to the following description.