Skip to content

The Cisco switch must be configured to generate an alert for all audit failure events.

An XCCDF Rule

Description

<VulnDiscussion>It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-220548r879733_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure the Cisco switch to send critical to emergency log messages to the syslog server as shown in the example below:

SW4(config)#logging trap critical

Note: The parameter "critical" can replaced with a lesser severity level (i.e., error, warning, notice, informational).