UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Where multiple log servers are installed in the enclave, each log server must be configured to aggregate log records to a central aggregation server or other consolidated events repository.


Overview

Finding ID Version Rule ID IA Controls Severity
V-206451 SRG-APP-000086-AU-000390 SV-206451r395700_rule Medium
Description
Log servers (e.g., syslog servers) are often used on network segments to consolidate from the devices and hosts on that network segment. However, this does not achieve compliance with the DoD requirement for a centralized enclave log server. To comply with this requirement, create a central log server that aggregates multiple log servers or use another method to ensure log analysis and management is centrally managed and available to enterprise forensics and analysis tools. This server is often called a log aggregator, SIEM, or events server.
STIG Date
Central Log Server Security Requirements Guide 2021-06-24

Details

Check Text ( C-6711r285597_chk )
Examine the network architecture and documentation.

If the log server being reviewed is one of multiple log servers in the enclave or on a network segment, verify that an aggregation server exists and that the log server under review is configured to send records received from the host and devices to the aggregation server or centralized SIEM/events sever.

Where multiple log servers are installed in the enclave, if each log server is not configured to send log records to a central aggregation server or other consolidated events repository, this is a finding.
Fix Text (F-6711r285598_fix)
Where multiple log servers are installed in the enclave, configure each log server to forward logs to a consolidated aggregation server.