An error occurred:

Check: RINP-DM-000057

Riverbed NetProfiler STIG: RINP-DM-000057 (in versions v2 r1 through v1 r1)

Title

The Riverbed NetProfiler must be configured to use redundant Syslog servers that are configured on a different system than the NetProfiler appliance. (Cat II impact)

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.

Check Content

Go to Administration >> General Settings. Under "Syslog", verify the entries for Server 1 Host and Server 2 Host are configured. Verify "Audit Trail" and "Events" are selected for each Syslog server. If this is not true, this is a finding.

Fix Text

Go to Administration >> General Settings. Configure the entry for Server 1 Host. Configure the entry for Server 2 Host. Check "Audit Trail" and "Events" for each configured server.

Additional Identifiers

Rule ID: SV-256092r961860_rule

Vulnerability ID: V-256092

Group Title: SRG-APP-000515-NDM-000325

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001851

Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-4(1)

Transfer to Alternate Storage