SLEM 5 must offload rsyslog messages for networked systems in real time and offload standalone systems at least weekly.

An XCCDF Rule

Description

<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-261409r996643_rule
Severity: Medium
References: CCI-001851
Updated: 17 days ago

Configure SLEM 5 to offload syslog-ng messages for networked systems in real time.

For standalone systems establish a procedure to offload log messages at least once a week.

For networked systems add a "UDP_OR_TCP("IP_ADDRESS" port(514)); };"
"#log { source(src); destination(logserver); };" in "/etc/syslog-ng/syslog-ng.conf" that does not have one.
syslog("10.10.10.10" transport("udp") port(514)); };

SLEM 5 must offload rsyslog messages for networked systems in real time and offload standalone systems at least weekly.

Description

Remediation - Manual Procedure