The DBN-6300 must off-load audit records onto a different system or media than the system being audited.
An XCCDF Rule
Description
<VulnDiscussion>Off-loading ensures audit information does not get overwritten if the limited audit storage capacity is reached and also protects the audit record in case the system/component being audited is compromised. The intent of this control is to ensure that log information does not get overwritten if the limited log storage capacity is reached and also to protect the log records in general if the system/component being logged is compromised (hence the notion of off-loading onto a different system or media) but the intent is not to hold the information in more than one or multiple locations. This requirement is intended to address the primary repository, which is on the centralized Syslog server. This requirement is only applicable to the server used as the Syslog server. With the DBN-6300, audit records are automatically backed up on a real-time basis via syslog when enabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-91713r1_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the DBN-6300 to be connected to the syslog server. Also configure the DBN-6300 to include audit records in the syslog message feed.
Navigate to Settings >> Advanced >> Syslog.
Enter the syslog connection information (port and IP address) and push the "enabled" button for both "TCP" and "enable".