An error occurred:

Check: 3.015

Windows 2003 DC STIG: 3.015 (in version v6 r40)

Title

System does not halt once an event log has reached its maximum size. (Cat III impact)

Discussion

If the security log is full, it becomes possible for some events to not be logged. Selecting this option will halt the computer when the log is full to prevent losing any events. If the system halts as a result of a full log, an administrator must restart the system and reset the log. This work-stoppage event can be prevented, provided the IAO periodically archives the event logs.

Check Content

Fix Text

Create site procedures for identifying, in a timely manner, that the system has stopped writing to the event log, and specifying actions to take to preserve Event log information and correct the problem. OR Configure Servers to halt processing if there is an audit failure, or an event log has filled up.

Additional Identifiers

Rule ID: SV-1091r1_rule

Vulnerability ID: V-1091

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000140

Take organization-defined actions upon audit failure include, shutting down the system, overwriting oldest audit records, and stopping the generation of audit records.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-5

Response to Audit Processing Failures