I am using trail licence for ECK, and I have enabled auditing feature but still I am getting only few parameters, as this is testing its okay but after that will go into production one so in order to buy licence we need to have the below information in our logs.
For auditable events logs shall be configured to record the following information - Timestamp - User ID (when applicable the id of the end user, for example, SIGNUM) - System ID (ID of the system that generated the log record) - Client IP (IP address of the end user terminal) - For data processing events only: Document/object identifier (filename, URL, document number or other applicable ID). - Destination IP address and port - Accounting details of the changes that are made to perimeter security devices should also be recorded and managed centrally, e.g., nature of exact rule change made on the fi+G57rewall.
Is it possible or do I have to enable something to get all these.
Thanks in advance.