Check: 3.015
Win2k3 Audit: 3.015 (in version v6 r1.29)
Title
System does not halt once an event log has reached its maximum size. (Cat III impact)
Discussion
If the security log is full, some events may not be logged. Selecting this option halts the computer when the log is full so that no events are lost. If the system halts because of a full log, an administrator must restart the system and reset the log. This work stoppage can be prevented, provided the IAO periodically archives the event logs.
Check Content
Fix Text
Create site procedures for identifying, in a timely manner, that the system has stopped writing to the event log, and for specifying the actions to take to preserve event log information and correct the problem. OR configure servers to halt processing if there is an audit failure or an event log has filled up.
Additional Identifiers
Rule ID: SV-1091r1_rule
Vulnerability ID: V-1091
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |