1.10.12 Ensure email logging is configured for critical to emergency

Information

Enables logs to be sent to an email recipient for critical to emergency logs' severity levels

Rationale:

In some cases, the notifications of the Syslog server or the NMS system can be delayed by the time taken to process the logs and build the reports. Some system's events require an immediate intervention of the administrator and it in this case, the logs generated should be directly sent to the administrator email address.

Solution

Step 1: Run the following to enable email logging for logs with severity level from critical and above (critical, alert and emergency)

hostname(config)#logging mail critical

Step 2: Obtain from the mail server administrator to create an firewall email account <firewall_email_account> and run the following to enable the account as email source address in the firewall

hostname(config)#logging from-address <firewall_email_account>

Step 3: Acquire the firewall administrator email account <firewall_admin_email> and run the following for the security appliance to send logs to its administrator email account

hostname(config)#logging recipient-address <firewall_admin_email>

Step 4: Obtain from the mail server administrator the mail server IP address <mail_server_ip> and run the following to configure it in the firewall

hostname(config)#smtp-server <mail_server_ip>

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6

Plugin: Cisco

Control ID: 08fbe99c5a2af07abc663ce7ce0af4b6e6e6b0052c43e5035e9574d8556933ef