The MQ Appliance messaging server must generate log records for access and authentication events.

An XCCDF Rule

Description

<VulnDiscussion>Log records can be generated from various components within the messaging server. From a messaging server perspective, certain specific messaging server functionalities may be logged as well. The messaging server must allow the definition of what events are to be logged. As conditions change, the number and types of events to be logged may change, and the messaging server must be able to facilitate these changes. The minimum list of logged events should be those pertaining to system startup and shutdown, system access, and system authentication events.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-89583r1_rule
Severity: Medium
References: CCI-000169
Updated: about 1 year ago

The following events may be logged for each queue manager on the MQ Appliance:

Authority (AUTHOREV), Inhibit (INHIBITEV), Local (LOCALEV), Remote (REMOTEEV), Start and stop (STRSTPEV), Performance (PERFMEV), Command (CMDEV), Channel (CHLEV), Channel auto definition (CHADEV), SSL (SSLEV), Configuration (CONFIGEV)

To enable logging for a queue manager, enter the following from the MQ Appliance CLI for each event for which you wish to enable logging:
To access the MQ Appliance CLI, enter the following:
mqcli 

runmqsc [queue mgr name]
ALTER QMGR [event name](ENABLED)
end

Note: Any MQ monitoring solution that connects to MQ as a client may be used to monitor event queues.

The MQ Appliance messaging server must generate log records for access and authentication events.

Description

Remediation - Manual Procedure