Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)

Information

Determines the size of the local buffer in which the logs are stored so that they can be checked by the administrator.

Rationale:

The internal log buffer serves as a temporary storage location. New messages are appended to the end of the list. When the buffer is full, that is, when the buffer wraps, old messages are overwritten as new messages are generated. The internal log buffer allows the administrator performing a health check on the system to locally have the last logs generated.

Solution

Firepower Management Center:

Devices > Platform settings > Syslog > Logging setup

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/hardening/ftd/FTD_Hardening_Guide_v64.html

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4

Plugin: Cisco_Firepower

Control ID: f1e4736718bfc48000b2af57ce021f01fbb5b1e9812ea21070ef602bf38578c3