CCI-001348

Ensure Logs Sent To Remote Host

The A10 Networks ADC must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

The log data and records from the Apache web server must be backed up onto a different system or media.

The application server must back up log records at least every seven days onto a different system or system component than the system or component being logged.

The application must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

The BIND 9.x server implementation must not be configured with a channel to send audit records to null.

The BIND 9.x server implementation must be configured with a channel to send audit records to a remote syslog.

The BIND 9.x server implementation must be configured with a channel to send audit records to a local file.

The BIND 9.x server implementation must maintain at least 3 file versions of the local log file.

The CA API Gateway must forward all log audit log messages to the central log server.

The Central Log Server must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited.

The Central Log Server system backups must be retained for a minimum of 5 years for SAMI (Sources and Methods Information) and a minimum of 7 days for non-SAMI on media capable of guaranteeing file integrity for the minimum applicable information retention period.

The DBN-6300 must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

The DNS server implementations audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.

If any logs are stored locally which are not sent to the centralized audit server, CounterACT must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

The Infoblox system audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.

The DataPower Gateway must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

The MQ Appliance messaging server must be configured to fail over to another system in the event of log subsystem failure.

The MQ Appliance network device must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

The Ivanti MobileIron Core server must back up audit records at least every seven days onto a log management server.

JBoss log records must be off-loaded onto a different system or system component a minimum of every seven days.

The ISEC7 EMM Suite must back up audit records at least every seven days onto a different system or system component than the system or component being audited, provide centralized management and configuration of the content to be captured in audit records generated by all ISEC7 EMM Suite components, and off-load audit records onto a different system or media than the system being audited.

Exchange must have Audit data on separate partitions.

Exchange Audit data must be on separate partitions.

Exchange audit data must be on separate partitions.

The Windows 2012 DNS Servers audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.

The log data and records from OHS must be backed up onto a different system or media.

The SEL-2740S must be configured to send log data to a Syslog server or collected by another parent OTSDN Controller.

Splunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited.

Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited.

The Tanium operating system (TanOS) must offload audit records onto a different system or media than the system being audited.

The UEM server must back up audit records at least every seven days onto a log management server.

Hardware Management Console audit record content data must be backed up.

SSMC web server must generate information to be used by external applications or entities to monitor and control remote access.

The log data and records from the IIS 10.0 web server must be backed up onto a different system or media.

Automation Controller must use external log providers that can collect user activity logs in independent, protected repositories to prevent modification or repudiation.

The operating system must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

The rsyslog must be configured to monitor VAMI logs.

Rsyslog must be configured to monitor and ship Performance Charts log files.

Rsyslog must be configured to monitor and ship ESX Agent Manager log files.

Lookup Service log files must be offloaded to a central log server in real time.

The vCenter Rhttpproxy service log files must be sent to a central log server.

Security Token Service log data and records must be backed up onto a different system or media.

vSphere UI log files must be moved to a permanent repository in accordance with site policy.

The vCenter VAMI service must off-load log records onto a different system or media from the system being logged.

The log data and records from the web server must be backed up onto a different system or media.

The Windows DNS Server audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.

The Dragos Platform must be configured to send backup audit records.

The ISEC7 SPHERE must back up audit records at least every seven days onto a different system or system component than the system or component being audited, provide centralized management and configuration of the content to be captured in audit records generated by all ISEC7 SPHERE components, and offload audit records onto a different system or media than the system being audited.

The Ivanti EPMM server must back up audit records at least every seven days onto a log management server.

Microsoft Intune service must be configured to transfer Intune logs to another server for storage, analysis, and reporting at least every seven days.