4.3 (L1) Host must log sufficient information for events

Information

Set the Syslog.global.logLevel parameter to "info" to ensure that audit logs capture sufficient information for diagnosing issues and investigating security events. This setting strikes a balance between log verbosity and storage utilization. The parameter governing this behavior is Syslog.global.logLevel with a recommended setting of info.

Adequate log data is crucial for identifying indicators of compromise, enabling timely and effective response to cybersecurity incidents. The "info" level provides essential details without excessively consuming storage resources.

Solution

Impact:

More verbose logging levels will demand additional storage space while potentially burying critical entries under less significant data. Conversely, less verbose levels might miss capturing crucial information, hindering effective diagnostics and incident response.

See Also

https://workbench.cisecurity.org/benchmarks/15784

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, 800-53|AU-3(1), 800-53|AU-7, 800-53|AU-12, CSCv7|6.3

Plugin: VMware

Control ID: d4736d883035dc5173a749c51cffa37580cbe4176b127a6506d707c1ee4371ed