SLEM 5 must offload rsyslog messages for networked systems in real time and offload standalone systems at least weekly.
An XCCDF Rule
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.
- ID: SV-261409r996643_rule
- Version: SLEM-05-652010
- Severity: Medium
Remediation Templates
A Manual Procedure
Configure SLEM 5 to offload syslog-ng messages for networked systems in real time.
For standalone systems, establish a procedure to offload log messages at least once a week.
For networked systems add a "UDP_OR_TCP("IP_ADDRESS" port(514)); };"
"#log { source(src); destination(logserver); };" in "/etc/syslog-ng/syslog-ng.conf" that does not have one.
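One way to verify the networked-system setting, as an added example that is not part of the STIG check text: the hypothetical function `check_offload` reports whether a syslog-ng configuration has a remote destination that an active log path actually uses. It assumes each statement sits on one line and that remote destinations use the `udp()`, `tcp()` or `network()` drivers; the sample configuration and its address are constructed.

```shell
#!/bin/sh
# check_offload FILE (hypothetical helper)
# Prints the name of the first remote destination referenced by an active
# log path and returns 0; returns 1 if no such pair exists.
check_offload() {
    conf=$1
    # syslog-ng treats "#" as the start of a comment, so a commented-out
    # statement must not count as configured.
    active=$(sed 's/#.*$//' "$conf")
    # Names of destinations that send to the network (one statement per line).
    dests=$(printf '%s\n' "$active" | sed -nE \
        's/^[[:space:]]*destination[[:space:]]+([A-Za-z0-9_-]+)[[:space:]]*\{.*(udp|tcp|network)[[:space:]]*\(.*/\1/p')
    for d in $dests; do
        # A destination only offloads messages when a log path references it.
        if printf '%s\n' "$active" |
            grep -Eq "^[[:space:]]*log[[:space:]]*\{.*destination\($d\)"; then
            echo "$d"
            return 0
        fi
    done
    return 1
}

# Constructed sample: the destination is defined, but the log path is still
# commented out, so nothing is forwarded to the log server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
source src { system(); internal(); };
destination logserver { udp("192.0.2.10" port(514)); };
#log { source(src); destination(logserver); };
EOF
if check_offload "$sample" >/dev/null; then
    echo "offload path active"
else
    echo "no active offload path"
fi
rm -f "$sample"
```

On a real host, pass "/etc/syslog-ng/syslog-ng.conf" as the argument; a log statement that still carries a leading "#" is reported as not offloading.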