Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-001851
CCI
CCI|CCI-001851
Title
The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2013
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
3.200 - The system must be configured to use the au-remote plugin.
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - direction
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - path
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - type
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.0210 - The system must take appropriate action when the audisp-remote buffer is full.
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.0211 - The system must label all off-loaded audit logs before sending them to the central log server.
Unix
Tenable Fedora Linux Best Practices v2.0.0
4.1.2.3 Ensure audit system is set to single when the disk is full.
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.6 Ensure audit system action is defined for sending errors
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.8 Ensure audit logs are stored on a different system.
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.9 Ensure audit logs on separate system are encrypted.
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - direction
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - path
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - type
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.12 Ensure action is taken when audisp-remote buffer is full
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.13 Ensure off-loaded audit logs are labeled.
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full
Unix
DISA STIG AIX 7.x v2r8
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppath
Unix
DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppath
Unix
DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppath
Unix
DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppath
Unix
DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsize
Unix
DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsize
Unix
DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsize
Unix
DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsize
Unix
DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1
Unix
DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1
Unix
DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1
Unix
DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1
Unix
DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2
Unix
DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2
Unix
DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2
Unix
DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2
Unix
DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompact
Unix
DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompact
Unix
DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompact
Unix
DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompact
Unix
DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsize
Unix
DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsize
Unix
DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsize
Unix
DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsize
Unix
DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmds
Unix
DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmds
Unix
DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmds
Unix
DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmds
Unix
DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespace
Unix
DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespace
Unix
DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespace
Unix
DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespace
Unix
DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - trail
Unix
DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - trail
Unix
DISA STIG AIX 7.x v2r6