Skip to content

The Central Log Server must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage.

An XCCDF Rule

Description

<VulnDiscussion>If the application is not configured to collate records based on the time when the events occurred, the ability to perform forensic analysis and investigations across multiple components is significantly degraded. Centralized log aggregation must also include logs from databases and servers (e.g., Windows) that do not natively send logs using the syslog protocol.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-206449r395700_rule
Severity
Low
References
Updated



Remediation - Manual Procedure

For each log server, configure the server to aggregate log records from organization-defined devices and hosts within its scope of coverage.