The application server must be configured to log the audit subsystem failure notification information that is sent out (e.g., the recipients of the message and the nature of the failure).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35190	SRG-APP-000109-AS-000068	SV-46477r1_rule		Low

Description
It is critical that, when a system is at risk of failing to process audit logs, it detects and takes action to mitigate the failure. Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. For forensic, non-repudiation and troubleshooting purposes, the AS must be configured to log both who was notified of the audit log processing failure and the nature of the failure.

Description

It is critical that, when a system is at risk of failing to process audit logs, it detects and takes action to mitigate the failure. Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. For forensic, non-repudiation and troubleshooting purposes, the AS must be configured to log both who was notified of the audit log processing failure and the nature of the failure.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43568r3_chk )
Review the AS configuration settings to determine if the AS is configured to log the administrative personnel who are notified when the audit subsystem fails to operate. Review failure logs to ensure the nature of the failure is also logged. If the AS does not execute this requirement, this is a finding.

Fix Text (F-39736r2_fix)
Configure the AS to log the administrative staff who are notified and the nature of the failure when the auditing subsystem fails.