The Central Log Server log records must be configured to use the syslog protocol or another industry standard format (e.g., Windows event protocol) that can be used by typical analysis tools.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-206452	SRG-APP-000088-AU-000040	SV-206452r395703_rule		Low

Description
Without a standardized format for log records, the ability to perform forensic analysis may be more difficult. Standardization facilitates production of event information that can be more readily analyzed and correlated. Log information that is normalized to common standards promotes interoperability and exchange of such information between dissimilar devices and information systems. If logging mechanisms within applications that send records to the centralized audit system do not conform to standardized formats, the audit system may convert the records into a standardized format when compiling system-wide audit trails. Thus, although the application and other system components should send the information in a standardized format, ultimately the audit aggregation server is responsible for ensuring the records are compiled to meet this requirement.

Description

Without a standardized format for log records, the ability to perform forensic analysis may be more difficult. Standardization facilitates production of event information that can be more readily analyzed and correlated. Log information that is normalized to common standards promotes interoperability and exchange of such information between dissimilar devices and information systems. If logging mechanisms within applications that send records to the centralized audit system do not conform to standardized formats, the audit system may convert the records into a standardized format when compiling system-wide audit trails. Thus, although the application and other system components should send the information in a standardized format, ultimately the audit aggregation server is responsible for ensuring the records are compiled to meet this requirement.

STIG	Date
Central Log Server Security Requirements Guide	2022-09-14

Details

Check Text ( C-6712r285600_chk )
Examine the configuration. Verify log records are configured to use the syslog protocol or another industry standard format (e.g., Windows event protocol) that can be used by a typical analysis tools. If the Central Log Server log records are not configured to use the syslog protocol or another industry standard format (e.g., Windows event protocol) that can be used by typical analysis tools, this is a finding.

Check Text ( C-6712r285600_chk )

Examine the configuration.

Verify log records are configured to use the syslog protocol or another industry standard format (e.g., Windows event protocol) that can be used by a typical analysis tools.

If the Central Log Server log records are not configured to use the syslog protocol or another industry standard format (e.g., Windows event protocol) that can be used by typical analysis tools, this is a finding.

Fix Text (F-6712r285601_fix)
Configure the Central Log Server log records to use the syslog protocol or another industry standard format (e.g., Windows event protocol) that can be used by typical analysis tools.