The application server must provide the ability to write specified audit record content to an audit log server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35183 | SRG-APP-000102-AS-000064 | SV-46470r1_rule | Medium |
| Description |
|---|
| Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes, but is not limited to time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application specific events, success/fail indications, filenames involved, access control or flow control rules invoked. Centralized management of audit records and logs provides for efficiency in maintenance and management of records, as well as the backup and archiving of those records. Application servers and their related components are required to be capable of writing logs to centralized audit log servers. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43563r1_chk ) |
|---|
| Verify the audit logs can be directly written to a separate system or transferred from the AS to a storage location other than the AS itself. The system administrator of the device may demonstrate this capability using an audit management application, system configuration, or other means. If audit logs cannot be transferred on request or on a periodic schedule, this is a finding. |
| Fix Text (F-39731r1_fix) |
|---|
| Configure the AS to transfer the audit logs to remote log or management servers. |