Title

In the event of a system failure, The Infoblox system must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes. (Cat II impact)

Discussion

Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving application state information helps to facilitate application restart and return to the operational mode of the organization with less disruption to mission-essential processes.

Check Content

By default all system events are logged to the local SYSLOG. To ensure logging of data in the event of system failure, an external log server must be configured. Navigate to Grid >> Grid Manager >> Grid Properties >> Monitoring tab. When complete, click "Cancel" to exit the "Properties" screen. If "Log to External Syslog Servers" is enabled, an External Syslog Server must be configured and "Copy Audit Log Message to Syslog" must be configured otherwise, this is a finding.

Fix Text

Navigate to Grid >> Grid Manager >> Grid Properties >> Monitoring tab. Enable "Log to External Syslog Server", Configure at least one "External Syslog Servers". When complete, click "Save & Close" to save the changes and exit the "Properties" screen. Perform a service restart if necessary.

Additional Identifiers

Rule ID: SV-214177r612370_rule

Vulnerability ID: V-214177

Group Title: SRG-APP-000226-DNS-000032

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.