The A10 Networks ADC, when used to load balance web applications, must enable external logging for WAF data event messages.

An XCCDF Rule

Description

<VulnDiscussion>Without coordinated reporting between separate devices, it is not possible to identify the true scale and possible target of an attack. External logging must be enabled for WAF data event messages. External logging is activated once the WAF template that uses the logging template is bound to an HTTP/HTTPS virtual port.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-237053r639606_rule
Severity: Low
References: CCI-002656
Updated: about 1 year ago

If the device is used to load balance web servers, configure external logging for WAF data event messages. 

Create a server configuration for each log server. 
The following command adds a server:
slb server [server-name] [ipaddr]
The following command specifies the TCP or UDP port number on which the server will listen for log traffic:
port [port-num] [tcp | udp]

If multiple log servers are used, add the log servers to a service group. Use the round-robin load-balancing method, which is the default method.

The following command creates the service group:
slb service-group [group-name] [tcp | udp]

The following command adds each log server and its TCP or UDP port to the service group:
member [server-name:portnum]

The following command creates a logging template:
slb template logging [template-name]

The following command adds the service group containing the log servers to the logging template:
service-group [group-name]

The following commands bind the logging template to the WAF template:
slb template waf [template-name]
template logging [template-name]

The A10 Networks ADC, when used to load balance web applications, must enable external logging for WAF data event messages.

Description

Remediation - Manual Procedure