Navigate

Check: GEN002730

VMware ESX 3 Server: GEN002730 (in version v1 r2)

Title

The audit system must alert the SA when the audit storage volume approaches its capacity. (Cat II impact)

Discussion

An accurate and current audit trail is essential for maintaining a record of system activity. If the system fails, the SA must be notified and must take prompt action to correct the problem. Minimally, the system must log this event and the SA will receive this notification during the daily system log review. If feasible, active alerting (such as email or paging) should be employed consistent with the site’s established operations management systems and procedures.

Check Content

Determine if the audit system is configured to alert the SA when the audit storage volume approaches capacity. If it does not, this is a finding.

Fix Text

Configure the audit system to alert the SA when the audit storage volume approaches capacity.

Additional Identifiers

Rule ID: SV-26022r1_rule

Vulnerability ID: V-22375

Group Title: GEN002730

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000143	The information system provides a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
No controls are assigned to this check