Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Central Log Server Security Requirements Guide
SRG-APP-000088
SRG-APP-000088
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000088
1 Rule
<GroupDescription></GroupDescription>
The Central Log Server log records must be configured to use the syslog protocol or another industry standard format (e.g., Windows event protocol) that can be used by typical analysis tools.
Low Severity
<VulnDiscussion>Without a standardized format for log records, the ability to perform forensic analysis may be more difficult. Standardization facilitates production of event information that can be more readily analyzed and correlated. Log information that is normalized to common standards promotes interoperability and exchange of such information between dissimilar devices and information systems. If logging mechanisms within applications that send records to the centralized audit system do not conform to standardized formats, the audit system may convert the records into a standardized format when compiling system-wide audit trails. Thus, although the application and other system components should send the information in a standardized format, ultimately the audit aggregation server is responsible for ensuring the records are compiled to meet this requirement.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>