Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited.

An XCCDF Rule

Description

Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.

ID: SV-104509r1_rule
Version: SYMP-NM-000140
Severity: Medium
References: CCI-001348
Updated: 11 days ago

Remediation Templates

Configure event logging to a remote events server to ensure that event logs are recorded on a different system.

To configure Syslog:
1. Log on to the Web Management Console.
2. Click Maintenance >> Event Logging >> Syslog.
3. Enter the IP address or name of a syslog server, click "OK".4. Repeat step 3 for any additional syslog servers.
5. Click "Apply".

Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited.

Description

Remediation Templates

A Manual Procedure