SYMP-NM-000090 - Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent.

Information

It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without an alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected.

Alerts provide organizations with urgent messages.

Solution

Configure the ProxySG to send notifications.

1. Log on to the Web Management Console.
2. Click Maintenance >> Events Logging.
3. Select 'Severe'.
4. Select the 'Mail' tab and enter the email address to receive the email alert.
5. Click 'Apply'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SYM_ProxySG_Y20M04_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5(2), CAT|III, CCI|CCI-001858, Rule-ID|SV-104499r1_rule, STIG-ID|SYMP-NM-000090, Vuln-ID|V-94669

Plugin: BlueCoat

Control ID: 91234b866daec5937eda5d28798a5ef4bccc33717c3fdd90ccb4b00bb456a066