JUSX-DM-000060 - For local logging, the Juniper SRX Services Gateway must generate a message to the system management console when a log processing failure occurs.

Information

It is critical for the appropriate personnel to be aware if a system is at risk of failing to process logs as required. Without this alert, the security personnel may be unaware of an impending failure of the log capability and system operation may be adversely affected.

Alerts provide organizations with urgent messages. Real-time alerts provide these messages at information technology speed (i.e., the time from event detection to alert occurs in seconds or less). Automated alerts can be conveyed in a variety of ways, including, for example, telephonically, via electronic mail, via text message, or via websites.

Log processing failures include software/hardware errors, failures in the log capturing mechanisms, and log storage capacity being reached or exceeded.

While this requirement also applies to the event monitoring system (e.g., Syslog, Security Information and Event Management [SIEM], or SNMP servers), the Juniper SRX must also be configured to generate a message to the administrator console.

Syslog and SNMP trap events with a facility of 'daemon' pertain to errors encountered by system processes.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

The following commands configure syslog to immediately display any emergency level or daemon alert events to the management console. The message will display on any currently logged on administrator's console.

[edit]
set system syslog user * any emergency
set system syslog user * daemon alert
set system syslog user * daemon critical

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Juniper_SRX_SG_Y24M07_STIG.zip

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-2(1), 800-53|CM-6b., CAT|III, CCI|CCI-000015, CCI|CCI-000366, Rule-ID|SV-229022r997560_rule, STIG-ID|JUSX-DM-000060, STIG-Legacy|SV-81063, STIG-Legacy|V-66573, Vuln-ID|V-229022

Plugin: Juniper

Control ID: 7135e81d3aa669ee4bdcb08943b3c2b235898b6621fccee68b42d42c14e5930c