There are a number of requirements within the VNF Security section that require the VNF to log certain events, but there are no specifications on how they should be log.

I would like to propose the following two requirements that will clarify how they should be logged while allowing the operator to determine how the events should be handled.

• The VNF MUST log any security event required by the VNF Requirements to Syslog using LOG_AUTHPRIV for any event that would contain sensitive information and LOG_AUTH for all other relevant events.
• The VNF SHOULD deliver all syslog messages to the VES Collector per the specifications in Monitoring and Management chapter.

The last requirement will likely need to be added to the Monitoring and Management chapter, but will perhaps be referenced again int the security section for clarity.

This will resolve some of the discussion on VNFRQTS-382