JUEX-NM-000620 - The Juniper EX switch must be configured to generate log records for a locally developed list of auditable events.

Information

Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis.

Solution

Configure the network device to generate audit log events for a locally developed list of auditable events.

set system syslog file <file name> messages any info
set system syslog file <file name> structured-data << (Optional) Only if structured data format is required
set system syslog host <external syslog address> any info
set system syslog host <external syslog address> structured-data << (Optional) Only if structured data format is required
set system syslog time-format year

If using REGEX or string match conditions:
set system syslog file <name> any <info|any>
set system syslog file <name> match <REGEX>
-or-
set system syslog file <name> match-strings [ 'string 1' 'string 2' ]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Juniper_EX_Switches_Y24M10_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

References: 800-53|AU-12a., 800-53|CM-6b., CAT|II, CCI|CCI-000169, CCI|CCI-000366, Rule-ID|SV-253939r961863_rule, STIG-ID|JUEX-NM-000620, Vuln-ID|V-253939

Plugin: Juniper

Control ID: 442e09bc08e9c7394d27a88b0516ca9c7b2f792394fa20a49d868f84218506e2