The Juniper EX switch must be configured to produce audit log records containing information to establish the source of events.

An XCCDF Rule

Description

To compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know the source of the event. The source may be a component, module, or process within the device or an external session, administrator, or device. Associating information about where the source of the event occurred provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured device.

ID: SV-253892r960900_rule
Version: JUEX-NM-000150
Severity: Medium
References: CCI-000133
Updated: 24 days ago

Remediation Templates

Configure the network device to produce audit records containing information to establish the source of the event.

set system syslog host <syslog IPv4 or IPv6 address> any info
set system syslog host <syslog IPv4 or IPv6 address> structured-data <<< Includes the 'explicit-priority' and 'time-format year millisecond' directives
set system syslog file <file name> any info
set system syslog file <file name> structured-data <<< Includes the 'explicit-priority' and 'time-format year millisecond' directives-or-
set system syslog host <syslog IPv4 or IPv6 address> any info
set system syslog host <syslog IPv4 or IPv6 address> explicit-priority <<< Only if log level and severity are required
set system syslog file <file name> any info
set system syslog file <file name> explicit-priority <<< Only if log level and severity are required
set system syslog time-format year

The Juniper EX switch must be configured to produce audit log records containing information to establish the source of events.

Description

Remediation Templates

A Manual Procedure