SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited. - Syslog IP

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained.
This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records

Solution

Configure event logging to a remote events server to ensure that event logs are recorded on a different system.
To configure Syslog:
1. Log on to the Web Management Console.
2. Click Maintenance >> Event Logging >> Syslog.
3. Enter the IP address or name of a syslog server, click "OK".
4. Repeat step 3 for any additional syslog servers.
5. Click "Apply".

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Symantec_ProxySG_V1R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5, CAT|II, CCI|CCI-001348, Rule-ID|SV-104509r1_rule, STIG-ID|SYMP-NM-000140, Vuln-ID|V-94679

Plugin: BlueCoat

Control ID: 7dc7013a6b025efc6fbb3ace5d465551346f5ff282d1b01d06f213170aa3fce7