UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Central Log Server must be configured to send an immediate alert to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity.


Overview

Finding ID Version Rule ID IA Controls Severity
V-206492 SRG-APP-000359-AU-000120 SV-206492r399883_rule Low
Description
If security personnel are not notified immediately upon storage volume utilization reaching 75 percent, they are unable to plan for storage capacity expansion. Although this may be part of the operating system function, for the enterprise events management system, this is most often a function managed through the application since it is a critical function and requires the use of a large amount of external storage.
STIG Date
Central Log Server Security Requirements Guide 2021-06-24

Details

Check Text ( C-6752r285717_chk )
Note: This is not applicable (NA) if an external application or operating system manages this function.

Examine the configuration.

Verify the system is configured to send an immediate warning to the SA and ISSO (at a minimum) when allocated log record storage volume reaches 75 percent of the repository's maximum log record storage capacity.

If the Central Log Server is not configured to send an immediate alert to the SA and ISSO (at a minimum) when allocated log record storage volume reaches 75 percent of repository maximum log record storage capacity, this is a finding.
Fix Text (F-6752r285718_fix)
Configure the Central Log Server to send an immediate alert to the SA, ISSO, and other authorized personnel when allocated log record storage volume reaches 75 percent of repository maximum log record storage capacity.