The MQ Appliance network device must off-load audit records onto a different system or media than the system being audited.

An XCCDF Rule

Description

<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Using a syslog logging target, the MQ Appliance logs all audit records to the syslog. Logging may be set to the following logging levels in descending order of criticality: debug, info, notice, warn, error, alert, emerg. The default is notice. Off-loading is a common process in information systems with limited audit storage capacity.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-89687r1_rule
Severity: Medium
References: CCI-001851
Updated: about 1 year ago

Log on to the MQ Appliance CLI as a privileged user. 

To enter global configuration mode, enter "config". 

To create a syslog target, enter: 
logging target <logging target name> type syslog 
admin-state "enabled" 
local-address <MQ Appliance IP> 
remote-address <syslog server IP> 
remote-port <syslog server port> 
event audit debug 
event auth debug 
event mgmt debug 
event cli debug 
event user debug 
event system error 
exit 
write mem 
y

Configure the MQ appliance to off-load audit records to a remote syslog server.

The MQ Appliance network device must off-load audit records onto a different system or media than the system being audited.

Description

Remediation - Manual Procedure