Skip to content

The WebSphere Application Server must allocate audit log record storage capacity in accordance with organization-defined log record storage requirements.

An XCCDF Rule

Description

<VulnDiscussion>The proper management of log records not only dictates proper archiving processes and procedures be established, it also requires allocating enough storage space to maintain the logs online for a defined period of time. If adequate online log storage capacity is not maintained, intrusion monitoring, security investigations, and forensic analysis can be negatively affected. It is important to keep a defined amount of logs online and readily available for investigative purposes. The logs may be stored on the application server until they can be archived to a log system or, in some instances, a Storage Area Networks (SAN). Regardless of the method used, log record storage capacity must be sufficient to store log data when the data cannot be offloaded to a log system or SAN.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-95955r1_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Identify Audit Service Provider log size and history retention based on component log policy.

Document those values in the System Security Plan.

From administrative console, click Security >> Security auditing >>Related Items>> Audit service provider >> [audit_service_provider_name].