The Juniper EX switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).

An XCCDF Rule

Description

<VulnDiscussion>The aggregation of log data kept on a syslog server can be used to detect attacks and trigger an alert to the appropriate security personnel. Information stored in one location is vulnerable to accidental or incidental deletion or alteration.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-253944r1028872_rule
Severity: High
References: CCI-001851 CCI-002605
Updated: 16 days ago

Add the following stanzas to the configuration.

set system syslog host <external syslog host1 IPv4 or IPv6 address> any info
set system syslog host <external syslog host2 IPv4 or IPv6 address> any info

Note: The time-format command supports including the year and/or the time in milliseconds. The default format does not include the year and time is recorded in seconds.

The Juniper EX switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).

Description

Remediation - Manual Procedure