Check: NET1025
Network Infrastructure Policy STIG: NET1025 (in version v10 r6)
Title
A minimum of two syslog servers must be deployed in the management network. (Cat III impact)
Discussion
Maintaining an audit trail of system activity logs can help identify configuration errors, understand past intrusions, troubleshoot service disruptions, and react to probes and scans of the network.
Check Content
Review the network topology and verify that at least two syslog servers are located within the management network. Note the IP addresses documented on the management network topology and verify that these are the addresses configured on the network elements as the hosts to which syslog data is sent. If a minimum of two syslog servers have not been deployed in the management network, this is a finding.
Fix Text
Stand up at least two syslog servers and connect them to the management network. Configure all managed network elements to send syslog data to the syslog servers.
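The comparison in the Check Content can be scripted. The following is an added example, not part of the STIG: it assumes Cisco IOS-style `logging host <ip>` lines, and the subnet, server addresses, device names and configs are constructed sample data. Reporting an undocumented destination as a discrepancy is also this example's assumption.

```python
import ipaddress
import re

# Assumption: Cisco IOS-style "logging host <ip>" or "logging <ip>" lines (IPv4 only).
# Adapt the pattern for other platforms.
LOGGING_RE = re.compile(r"^\s*logging\s+(?:host\s+)?(\d{1,3}(?:\.\d{1,3}){3})\b", re.M)

def audit_syslog(mgmt_net, documented, configs):
    """Compare documented syslog servers with device configs.

    Returns a list of finding strings; an empty list means no finding.
    """
    net = ipaddress.ip_network(mgmt_net)
    servers = {ipaddress.ip_address(s) for s in documented}
    in_mgmt = {s for s in servers if s in net}
    findings = []
    # Topology check: at least two documented servers inside the management network.
    if len(in_mgmt) < 2:
        findings.append(f"topology: only {len(in_mgmt)} documented syslog server(s) inside {net}")
    # Device check: each element must send to the documented addresses.
    for name, text in sorted(configs.items()):
        configured = {ipaddress.ip_address(m) for m in LOGGING_RE.findall(text)}
        for missing in sorted(in_mgmt - configured):
            findings.append(f"{name}: documented syslog server {missing} not configured")
        for extra in sorted(configured - servers):
            findings.append(f"{name}: undocumented syslog destination {extra}")
    return findings

# Constructed sample data (hypothetical subnet, servers and device configs).
MGMT_NET = "10.10.0.0/24"
DOCUMENTED = ["10.10.0.11", "10.10.0.12"]
CONFIGS = {
    "core-sw1": "logging buffered 16384\nlogging host 10.10.0.11\nlogging host 10.10.0.12\n",
    "edge-rtr1": "logging trap informational\nlogging host 10.10.0.11\nlogging 192.0.2.50\n",
}

if __name__ == "__main__":
    for finding in audit_syslog(MGMT_NET, DOCUMENTED, CONFIGS):
        print("FINDING:", finding)
```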
Additional Identifiers
Rule ID: SV-251373r916119_rule
Vulnerability ID: V-251373
Group Title: NET1025
CCIs
Number | Definition |
---|---|
CCI-001575 | The organization defines the system or system component for storing audit records that is a different system or system component than the system or component being audited. |
Controls
Number | Title |
---|---|
AU-9 (2) | Audit Backup On Separate Physical Systems / Components |