SV-223191r513265_rule
V-223191
SRG-APP-000091-NDM-000223
JUSX-DM-000040
CAT III
10
The following example commands configure Syslog and local backup files to capture DoD-defined auditable events.
[edit]
set system syslog user * any emergency
set system syslog host <IP-syslog-server> any any
set system syslog host <IP-syslog-server> source-address <MGT-IP-Address>
set system syslog host <IP-syslog-server> log-prefix <host-name>
set system syslog file messages any info
set system syslog file messages authorization none
set system syslog file messages interactive-commands none
set system syslog file messages daemon none
set system syslog file User-Auth authorization any
set system syslog file interactive-commands interactive-commands any
set system syslog file processes daemon any
set system syslog file account-actions change-log any
set system syslog file account-actions match "system login user"
set system syslog console any any
Verify logging has been enabled and configured.
[edit]
show system syslog
If a valid syslog host server and the syslog file names are not configured to capture "any" facility and "any" event, this is a finding.
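The check above can be scripted against saved device output. The following is an added example, not part of the STIG text. It assumes the configuration was captured with `show system syslog | display set`, and it reads the check as requiring at least one syslog host with facility "any" at severity "any" plus at least one local file. The sample configurations and the 192.0.2.x addresses are constructed.

```python
import re

# Junos syslog severities; a selector line ends in one of these.
SEVERITIES = {"any", "none", "emergency", "alert", "critical",
              "error", "warning", "notice", "info"}
# Per-destination options that appear on the page; these are not selectors.
OPTIONS = {"source-address", "log-prefix", "match"}
LINE = re.compile(r"^set system syslog (host|file) (\S+) (\S+) (\S+)$")

# Constructed sample output of `show system syslog | display set`.
SAMPLE_COMPLIANT = """\
set system syslog user * any emergency
set system syslog host 192.0.2.10 any any
set system syslog host 192.0.2.10 source-address 192.0.2.1
set system syslog host 192.0.2.10 log-prefix srx-01
set system syslog file messages any info
set system syslog file messages authorization none
set system syslog file User-Auth authorization any
set system syslog console any any
"""

# Constructed sample: the host has options but no facility/severity selector.
SAMPLE_NO_HOST = """\
set system syslog user * any emergency
set system syslog host 192.0.2.10 source-address 192.0.2.1
set system syslog file messages any info
"""

def parse_selectors(display_set):
    """Return {'host': {name: {(facility, severity)}}, 'file': {...}}."""
    found = {"host": {}, "file": {}}
    for raw in display_set.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, name, facility, severity = m.groups()
        if facility in OPTIONS or severity not in SEVERITIES:
            continue  # option line, not a facility/severity pair
        found[kind].setdefault(name, set()).add((facility, severity))
    return found

def findings(display_set):
    """List the reasons the configuration fails the check (empty if none)."""
    sel = parse_selectors(display_set)
    out = []
    if not any(("any", "any") in s for s in sel["host"].values()):
        out.append("no syslog host captures facility any at severity any")
    if not sel["file"]:
        out.append("no local syslog file is configured")
    return out
```

An empty list from `findings()` means the captured configuration satisfies this reading of the check; whether the configured host is a valid, reachable syslog server still has to be confirmed separately.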
V-223191
False
JUSX-DM-000040
M
4098