The Juniper EX switch must be configured to offload audit records onto a different system or media than the system being audited.

An XCCDF Rule

Description

<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. Archiving is not required unless space is limited in the audit server.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-253937r961860_rule
Severity: Medium
References: CCI-001851
Updated: 16 days ago

Archiving is not required unless space is limited in the audit server. Configure the network device to offload audit records onto a different system or media than the system being audited.

set file <file name> any info
set system syslog file <file name> any info
set system syslog file <file name> archive size <65536..1073741824 bytes>
set system syslog file <file name> archive files <1..1000>set system syslog file <file name> archive transfer-interval <5..2880 minutes>
set system syslog file <file name> archive start-time "<yyyy-mm-dd.hh:mm>"
set system syslog file <file name> archive archive-sites "<scp|sftp>://<username>@<repository address>/<path without trailing slash (/)>" password "<PSK>"
set system syslog host <external syslog address> any info

The Juniper EX switch must be configured to offload audit records onto a different system or media than the system being audited.

Description

Remediation - Manual Procedure