Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited.

An XCCDF Rule

Description

<VulnDiscussion>Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-104509r1_rule
Severity: Medium
References: CCI-001348
Updated: about 1 year ago

Configure event logging to a remote events server to ensure that event logs are recorded on a different system.

To configure Syslog:
1. Log on to the Web Management Console.
2. Click Maintenance >> Event Logging >> Syslog.
3. Enter the IP address or name of a syslog server, click "OK".4. Repeat step 3 for any additional syslog servers.
5. Click "Apply".

Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited.

Description

Remediation - Manual Procedure