| 1.6.3 Prevent Syslog from accepting messages from the network | CIS HP-UX 11i v1.5 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.200 - The system must be configured to use the au-remote plugin. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - direction | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - path | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - type | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.0211 - The system must label all off-loaded audit logs before sending them to the central log server. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.1 Ensure auditd is installed | CIS Ubuntu Linux 20.04 LTS Workstation L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.1 Ensure auditd is installed | CIS Ubuntu Linux 20.04 LTS Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure audit system is set to single when the disk is full. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.6 Ensure audit system action is defined for sending errors | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.8 Ensure audit logs are stored on a different system. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.9 Ensure audit logs on separate system are encrypted. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - direction | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - path | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - type | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.12 Ensure action is taken when audisp-remote buffer is full | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.13 Ensure off-loaded audit logs are labeled. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.7 Enable use of the au-remote plugin | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.8 Ensure off-load of audit logs - direction | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.8 Enure off-load of audit logs - path | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.8 Enure off-load of audit logs - type | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.10 Ensure off-loaded audit logs are labeled. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.10 init.ora - 'Establish redundant physically separate locations for redo log files.' | CIS v1.1.0 Oracle 11g OS L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.10 init.ora - 'Establish redundant physically separate locations for redo log files.' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.11 init.ora - 'Establish redundant physically separate locations for redo log files.' | CIS Oracle 9/10 OS Audit L1 v2.01 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.11 init.ora - 'Specify redo logging must be successful.' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 20.39 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly' | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.39 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly' | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| Auditing and logging - server | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
| Big Sur - Off-Load Audit Records | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Off-Load Audit Records | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| DB2X-00-012600 - DB2 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | DISA STIG IBM DB2 v10.5 LUW v1r4 OS Windows | Windows | AUDIT AND ACCOUNTABILITY |
| Ensure 'syslog hosts' is configured correctly | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS' | IBM System i Security Reference for V7R2 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS' | IBM iSeries Security Reference v5r4 | AS/400 | AUDIT AND ACCOUNTABILITY |
| JUNI-ND-001300 - The Juniper router must be configured to off-load log records onto a different system than the system being audited. | DISA STIG Juniper Router NDM v1r4 | Juniper | AUDIT AND ACCOUNTABILITY |
| Logging: capture level is set to at least info | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | AUDIT AND ACCOUNTABILITY |
| Logging: Use an external syslog host | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | AUDIT AND ACCOUNTABILITY |
| Monterey - Off-Load Audit Records | NIST macOS Monterey v1.0.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000081 - OHS must be configured to store error log files to an appropriate storage device from which other tools can be configured to reference those log files for diagnostic/forensic purposes. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000081 - OHS must be configured to store error log files to an appropriate storage device from which other tools can be configured to reference those log files for diagnostic/forensic purposes. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030700 - OL 8 must take appropriate action when the internal event queue is full. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030720 - OL 8 must authenticate the remote logging server for offloading audit logs. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full. | DISA Red Hat Enterprise Linux 8 STIG v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030710 - RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-010580 - The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030670 - The audit-audispd-plugins must be installed on the SUSE operating system. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| Syslog Remote Destination - Host | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| VCFL-67-000027 - Rsyslog must be configured to monitor and ship vSphere Client log files - access | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
