STIGQter: STIG Summary: Juniper SRX Services Gateway ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

In the event that communications with the Syslog server is lost, the Juniper SRX Services Gateway must continue to queue traffic log records locally.

DISA Rule

SV-214522r557389_rule

Vulnerability Number

V-214522

Group Title

SRG-NET-000089-ALG-000055

Rule Version

JUSX-AG-000063

Severity

CAT II

CCI(s)

CCI-000140 - The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records).

Weight

Fix Recommendation

The following example commands configure local backup files to capture DoD-defined auditable events.

[edit]
set system syslog file <LOG-NAME> any info
set system syslog file <LOG-NAME> match "RT_FLOW_SESSION "

Example:
set system syslog file<LOG-NAME> match "RT_FLOW_SESSION "

Check Contents

Verify logging has been enabled and configured.

[edit]
show log <LOG-NAME> match "RT_FLOW_SESSION"

If a local log file or files is not configured to capture "RT_FLOW_SESSION" events, this is a finding.

In the event that communications with the Syslog server is lost, the Juniper SRX Services Gateway must continue to queue traffic log records locally.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments