CloudBlue Commerce automatically logs all audit information into log files in the log directory.
You must make sure that these logs are not tampered with by transferring them to a centralized and secure storage location.
You must log access to the server that contains logs – for example, by logging SSH, RDP and console access.
You must review logs daily to remain compliant.
Under no circumstances are you allowed to disable logging of CloudBlue Commerce. If you disable logging, you will be non-compliant.
In addition, you are required to set up operating system level logging so that access to log files is logged. For Linux, the audit subsystem can be used to audit access to files.
For information about log location on CloudBlue Commerce Servers, please refer to Knowledge Base Article # 44001890088.