An error occurred:

Check: RINP-DM-000057

Riverbed NetProfiler STIG: RINP-DM-000057 (in version v1 r1)

Title

The Riverbed NetProfiler must be configured to use redundant Syslog servers that are configured on a different system than the NetProfiler appliance. (Cat II impact)

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.

Check Content

Go to Administration >> General Settings. Under "Syslog", verify the entries for Server 1 Host and Server 2 Host are configured. Verify "Audit Trail" and "Events" are selected for each Syslog server. If this is not true, this is a finding.

Fix Text

Go to Administration >> General Settings. Configure the entry for Server 1 Host. Configure the entry for Server 2 Host. Check "Audit Trail" and "Events" for each configured server.

Additional Identifiers

Rule ID: SV-256092r882784_rule

Vulnerability ID: V-256092

Group Title: SRG-APP-000515-NDM-000325

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001851

The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-4 (1)

Transfer To Alternate Storage