An error occurred:

Check: GEN005450

Solaris 10 SPARC STIG: GEN005450 (in versions v2 r4 through v1 r19)

Title

The system must use a remote syslog server (log host). (Cat II impact)

Discussion

A syslog server (log host) receives syslog messages from one or more systems. This data can be used as an authoritative log source in the event a system is compromised and its local logs are suspect.

Check Content

Check the syslog configuration file for remote syslog servers. # grep '@' /etc/syslog.conf | grep -v '^#' If no line is returned, this is a finding.

Fix Text

Edit the syslog configuration file and add an appropriate remote syslog server.

Additional Identifiers

Rule ID: SV-226982r603265_rule

Vulnerability ID: V-226982

Group Title: SRG-OS-000215

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001348

The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-9 (2)

Audit Backup On Separate Physical Systems / Components