The Infoblox system audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.
An XCCDF Rule
Description
<VulnDiscussion>Protection of log data includes ensuring that log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on a defined frequency helps to ensure that, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-233858r621666_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
1. Navigate to Grid >> Grid Manager >> Grid Properties, or System >> System Manager >> System Properties if using a stand-alone configuration.
2. Select the "Monitoring" tab. Enable "Log to External Syslog Servers" and configure an "External Syslog Server".
3. Enable the checkbox "Copy Audit Log Message to Syslog".
4. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
5. Perform a service restart if necessary.
6. Review Infoblox audit records on the remote SYSLOG server to validate operation.