| 1.7.1 Increase the retention time for system.log and secure.log '/var/log/secure.log' | CIS Apple OSX 10.6 Snow Leopard L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.7.1 Increase the retention time for system.log and secure.log '/var/log/system.log' | CIS Apple OSX 10.6 Snow Leopard L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.7.9 - Miscellaneous Enhancements - AIX Auditing - 'cron audit rotation has been implemented' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.9.7 Configure log file size limit | CIS Apache Tomcat5.5/6.0 L2 v1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.7.1.1 Increase the Retention Time for system.log and secure.log (system.log check) | CIS Apple OSX 10.5 Leopard L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3 - Audit Logging - Handler | TNS Best Practice JBoss 7 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.1 Retain system.log for 90 or more days | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.1 Retain system.log for 90 or more days | CIS Apple OSX 10.11 El Capitan L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Retain appfirewall.log for 90 or more days | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Retain appfirewall.log for 90 or more days | CIS Apple OSX 10.10 Yosemite L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Retain appfirewall.log for 90 or more days | CIS Apple OSX 10.11 El Capitan L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Retain system.log for 90 or more days | CIS Apple OSX 10.9 Mavericks L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.3 Retain appfirewall.log for 90 or more days | CIS Apple OSX 10.9 Mavericks L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Retain install.log for 365 or more days with no maximum size - ttl | CIS Apple macOS 10.15 v1.3.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.5 Retain install.log for 365 or more days | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.5 Retain install.log for 365 or more days | CIS Apple OSX 10.9 Mavericks L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.5 Retain install.log for 365 or more days | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.5 Retain install.log for 365 or more days | CIS Apple macOS 10.12 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.5 Retain install.log for 365 or more days | CIS Apple OSX 10.11 El Capitan L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2 Set Failed Archive Retry Delay (ARCHRETRYDELAY) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 - HTTP logging parameters are not set - Retain Number of Log Files | TNS Oracle WebLogic Server 11 Linux Best Practices | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 - HTTP logging parameters are not set - Retain Number of Log Files | TNS Oracle WebLogic Server 11 Windows Best Practices | Windows | AUDIT AND ACCOUNTABILITY |
| 4.3 - HTTP logging parameters are not set - Rotation Interval | TNS Oracle WebLogic Server 11 Windows Best Practices | Windows | AUDIT AND ACCOUNTABILITY |
| 4.3 - HTTP logging parameters are not set - Rotation Interval | TNS Oracle WebLogic Server 11 Linux Best Practices | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 7 L2 OS Windows v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.4 Ensure Log Storage and Rotation Is Configured Correctly - '/etc/logrotate.conf rotate log files = weekly' | CIS Apache HTTP Server 2.2 L1 v3.5.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.6 Ensure directory in logging.properties is a secure location - check log directory location | CIS Apache Tomcat 9 L1 v1.0.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.6 Ensure directory in logging.properties is a secure location - check prefix application name | CIS Apache Tomcat 9 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.4 Configure logrotate - /var/log/mail.err | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.4 Configure logrotate - /var/log/messages | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.6.1 Avoid using nonpersistent disks | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | AUDIT AND ACCOUNTABILITY |
| 18.9.26.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.2.1 Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.2.1 Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Retain system log' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| PCI 10.7 Retain audit trail history for at least one year - '/var/adm/messages set in logadm.conf' | PCI DSS 2.0/3.0 - Solaris 10 | Unix | AUDIT AND ACCOUNTABILITY |
| PCI 10.7 Retain audit trail history for at least one year - '/var/adm/sulog set in logadm.conf' | PCI DSS 2.0/3.0 - Solaris 10 | Unix | AUDIT AND ACCOUNTABILITY |
| PCI 10.7 Retain audit trail history for at least one year - '/var/lp/log set in logadm.conf' | PCI DSS 2.0/3.0 - Solaris 10 | Unix | AUDIT AND ACCOUNTABILITY |
| PCI 10.7 Retain audit trail history for at least one year - 'rotation in months' | PCI DSS 2.0/3.0 - Red Hat Linux | Unix | AUDIT AND ACCOUNTABILITY |
| TEM Client Logs - '_BESClient_Log_Days has been configured' | TNS IBM Tivoli Enterprise Client Linux Best Practices | Unix | AUDIT AND ACCOUNTABILITY |
