Sentry must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.

An XCCDF Rule

Description

<VulnDiscussion>Without syslog enabled it will be difficult for an ISSO to correlate the users behavior and identify potential threats within the logs.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-251006r1028244_rule
Severity: High
References: CCI-002605
Updated: 18 days ago

Configure the Sentry to forward syslog data using the steps below Refer to "Sentry Guide for Core", section "Syslog", page 140.
  
 1. Log in to the Sentry.
 2. Navigate to "Settings".
 3. Scroll down to "Syslog".
 4. If there is no syslog server entry, ADD the server:      a. Add Server IP address.
      b. Add Port.
      c. Select/add Facility Types and Log Levels.
     d. Enable Admin state.

Sentry must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.

Description

Remediation - Manual Procedure