JUSX-DM-000056 - For local log files, the Juniper SRX Services Gateway must allocate log storage capacity in accordance with organization-defined log record storage requirements so that the log files do not grow to a size that causes operational issues.

Information

In order to ensure network devices have a sufficient storage capacity in which to write the logs, they need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial device setup if it is modifiable.

The amount allocated for the organization-defined audit record storage requirement will depend on the amount of storage available on the network device, the anticipated volume of logs, and how long the logs are kept on the device. Since the Syslog is the primary audit log, the local log is not essential to keep archived for lengthy periods, thus the allocated space on the device should be low.

Solution

Enter the following commands in the [edit system syslog] hierarchy.

[edit system syslog]
set file <log filename> any any archive size <file size> file <number of archives>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Juniper_SRX_SG_Y24M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4, CAT|II, CCI|CCI-001849, Rule-ID|SV-223198r961392_rule, STIG-ID|JUSX-DM-000056, STIG-Legacy|SV-80967, STIG-Legacy|V-66477, Vuln-ID|V-223198

Plugin: Juniper

Control ID: de1a7c727e4c14f87e4d104ab812713ececebc46161bdf221368c564f6b9503e