The A10 Networks ADC, when used to load balance web applications, must enable external logging for accessing Web Application Firewall data event messages.

An XCCDF Rule

Description

<VulnDiscussion>Without establishing where events occurred, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. External logging must be enabled for WAF data event messages. Create a server configuration for each log server, and then add a TCP or UDP port to each server configuration, with the port number on which the external log server listens for log messages.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-237033r639546_rule
Severity: Low
References: CCI-000133
Updated: about 1 year ago

If the device is used to load balance web servers, configure external logging for WAF data event messages. 

Create a server configuration for each log server. 
The following command adds a server:
slb server [server-name] [ipaddr]
The following command specifies the TCP or UDP port number on which the server will listen for log traffic:
port [port-num] [tcp | udp]

If multiple log servers are used, add the log servers to a service group. Use the round-robin load-balancing method, which is the default method.

The following command creates the service group:
slb service-group [group-name] [tcp | udp]

The following command adds each log server and its TCP or UDP port to the service group:
member [server-name:portnum]

The following command creates a logging template:
slb template logging [template-name]

The following command adds the service group containing the log servers to the logging template:
service-group [group-name]

The following commands bind the logging template to the WAF template:
slb template waf [template-name]
template logging [template-name]

The A10 Networks ADC, when used to load balance web applications, must enable external logging for accessing Web Application Firewall data event messages.

Description

Remediation - Manual Procedure