Check: NET1026
Network Infrastructure Policy STIG:
NET1026
(in versions v10 r6 through v9 r2)
Title
Syslog messages must be retained for a minimum of 30 days online and then stored offline for one year. (Cat III impact)
Discussion
Logging is a critical part of router security. Maintaining an audit trail of system activity logs (syslog) can help identify configuration errors, understand past intrusions, troubleshoot service disruptions, and react to probes and scans of the network.
Check Content
Examine the syslog server to verify that it is configured to store messages for at least 30 days. Have the administrator show you the syslog files stored offline for one year. If the syslog messages are not kept online for thirty days and offline for one year, this is a finding.
Fix Text
Configure the syslog server to store messages online for at least 30 days. The administrator must establish a strategy for storing the logs offline for a minimum of 1 year.
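The check above asks the reviewer to confirm two retention windows, 30 days online and one year offline. The following is an added example, not part of the STIG or any vendor tool, showing how an administrator could script that verification against daily-rotated syslog files. It assumes a hypothetical naming convention of `messages-YYYYMMDD` (optionally `.gz`) for rotated files and takes the file listings and the audit date as inputs so it runs offline on constructed sample data. It goes slightly beyond the wording of the check: rather than only looking at the oldest file, it reports every day inside each window that has no log file, since a gap in the middle of the window is also lost audit data.

```python
"""Audit syslog retention against NET1026: 30 days online, one year offline.

Added example. Assumes daily-rotated files named like messages-YYYYMMDD[.gz]
(a hypothetical convention; adjust DATE_RE for the site's rotation scheme).
"""
import re
from datetime import date, timedelta

ONLINE_MIN_DAYS = 30    # STIG requirement: retained online
OFFLINE_MIN_DAYS = 365  # STIG requirement: retained offline for one year

# Assumed convention: an 8-digit YYYYMMDD date somewhere in the file name.
DATE_RE = re.compile(r"(\d{4})(\d{2})(\d{2})")


def _as_date(value):
    """Accept either a date object or an ISO string such as '2024-06-01'."""
    return date.fromisoformat(value) if isinstance(value, str) else value


def file_date(name):
    """Return the date encoded in a rotated log file name, or None if absent/invalid."""
    m = DATE_RE.search(name)
    if not m:
        return None
    try:
        return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))
    except ValueError:  # e.g. '20241399' matches the pattern but is not a date
        return None


def covered_days(filenames):
    """Set of calendar days for which at least one rotated file exists."""
    return {d for d in map(file_date, filenames) if d is not None}


def missing_days(covered, today, required_days):
    """Days in the window ending yesterday (today's log is still being written)
    that have no file at all; an empty list means the window is fully covered."""
    window = [today - timedelta(days=i) for i in range(1, required_days + 1)]
    return sorted(d for d in window if d not in covered)


def audit_retention(online_files, offline_files, today):
    """Evaluate both retention windows; 'finding' is True when either one fails."""
    today = _as_date(today)
    online_gaps = missing_days(covered_days(online_files), today, ONLINE_MIN_DAYS)
    offline_gaps = missing_days(covered_days(offline_files), today, OFFLINE_MIN_DAYS)
    details = []
    if online_gaps:
        details.append(f"online: {len(online_gaps)} of {ONLINE_MIN_DAYS} days "
                       f"have no log file (earliest gap {online_gaps[0]})")
    if offline_gaps:
        details.append(f"offline: {len(offline_gaps)} of {OFFLINE_MIN_DAYS} days "
                       f"have no archived file (earliest gap {offline_gaps[0]})")
    return {
        "finding": bool(details),
        "online_gaps": online_gaps,
        "offline_gaps": offline_gaps,
        "details": details,
    }


def sample_files(today, days, prefix, suffix=""):
    """Constructed sample listing: one rotated file per day for the last `days` days."""
    today = _as_date(today)
    return [f"{prefix}{today - timedelta(days=i):%Y%m%d}{suffix}"
            for i in range(1, days + 1)]


if __name__ == "__main__":
    audit_day = "2024-06-01"  # constructed audit date
    compliant = audit_retention(
        sample_files(audit_day, 30, "messages-"),
        sample_files(audit_day, 365, "archive/messages-", ".gz"),
        audit_day,
    )
    print("compliant sample:", "NO FINDING" if not compliant["finding"] else compliant["details"])

    # Same offline archive, but online rotation only kept two weeks.
    short = audit_retention(
        sample_files(audit_day, 14, "messages-"),
        sample_files(audit_day, 365, "archive/messages-", ".gz"),
        audit_day,
    )
    print("short-online sample:", short["details"])
```

In practice the listings would come from `os.listdir()` on the syslog server's log directory and from the offline archive index; the output maps directly onto the check wording, since any non-empty `details` entry is the finding the reviewer must record.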
Additional Identifiers
Rule ID: SV-251374r806077_rule
Vulnerability ID: V-251374
Group Title: NET1026
CCIs

| Number | Definition |
|---|---|
| CCI-000167 | The organization retains audit records for an organization-defined time period to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements. |
Controls

| Number | Title |
|---|---|
| AU-11 | Audit Record Retention |