UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Central Log Server must be configured to perform on-demand searches of log records for events of interest based on the content of organization-defined audit fields within log records.


Overview

Finding ID Version Rule ID IA Controls Severity
V-206496 SRG-APP-000363-AU-000180 SV-206496r399895_rule Low
Description
The ability to search the log records to better view events of interest provides the persons reviewing the logs with the ability to quickly isolate and identify these events without having to review entries that are of little or no consequence to the investigation. Without this capability, forensic investigations are impeded. This requires applications to provide the capability to search log record reports based on organization-defined criteria.
STIG Date
Central Log Server Security Requirements Guide 2021-06-24

Details

Check Text ( C-6756r285729_chk )
Examine the configuration.

Verify the Central Log Server performs on-demand searches of log records for events of interest based on the content of organization-defined audit fields within log records.

If the Central Log Server is not configured to perform on-demand searches of log records for events of interest based on the content of organization-defined audit fields within log records, this is a finding.
Fix Text (F-6756r285730_fix)
Configure the Central Log Server to perform on-demand searches of log records for events of interest based on the content of organization-defined audit fields within log records.