You're notified if audit logging fails.
What it actually means
If logging silently stops — disk full, agent down, collector offline — you've lost visibility without knowing it. You need an alert when the audit logging process fails so it gets fixed.
Pass or fail — an assessor needs a "yes" to each
- An alert fires when logging/collection fails.
- Someone is responsible for acting on it.
What to have ready
- Alerting configuration for log-pipeline health
- Sample alert or runbook
Where teams trip up
- No monitoring of the log pipeline itself
- Agents that quietly stop sending logs
See where this control puts your score
Run all 110 requirements free in about 10 minutes.
Calculate your SPRS score →