JUEX-NM-000600 - The Juniper EX switch must be configured to offload audit records onto a different system or media than the system being audited.

Information

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.

Offloading is a common process in information systems with limited audit storage capacity. Archiving is not required unless space is limited in the audit server.

Solution

Archiving is not required unless space is limited in the audit server. Configure the network device to offload audit records onto a different system or media than the system being audited.

set file <file name> any info
set system syslog file <file name> any info
set system syslog file <file name> archive size <65536..1073741824 bytes>
set system syslog file <file name> archive files <1..1000>
set system syslog file <file name> archive transfer-interval <5..2880 minutes>
set system syslog file <file name> archive start-time '<yyyy-mm-dd.hh:mm>'
set system syslog file <file name> archive archive-sites '<scp|sftp>://<username>@<repository address>/<path without trailing slash (/)>' password '<PSK>'
set system syslog host <external syslog address> any info

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Juniper_EX_Switches_Y24M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), CAT|II, CCI|CCI-001851, Rule-ID|SV-253937r961860_rule, STIG-ID|JUEX-NM-000600, Vuln-ID|V-253937

Plugin: Juniper

Control ID: 12058d946927f232bc902b40b1d0154814a3bd7e48ced2bdfc89e1eccfe8b038