UCF STIG Viewer Logo

The Cisco ASA must be configured to off-load log records to a centralized log server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239879 CASA-IP-000110 SV-239879r665950_rule Medium
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading ensures audit information does not get overwritten if the limited audit storage capacity is reached and also protects the audit record in case the system/component being audited is compromised. This also prevents the log records from being lost if the logs stored locally are accidentally or intentionally deleted, altered, or corrupted.
STIG Date
Cisco ASA IPS Security Technical Implementation Guide 2021-03-15

Details

Check Text ( C-43112r665948_chk )
Verify that a syslog server has been defined.

Step 1: Navigate to Configuration >> ASA Firepower Configuration >> Policies > Actions Alerts. The Alerts page appears.

Step 2: Verify the IP address and port number of the syslog server.

If the Cisco ASA is not configured to send log records to a centralized log server, this is a finding.
Fix Text (F-43071r665949_fix)
Configure Firepower to send log records to a syslog server as shown in the following steps:

Step 1: Navigate to Configuration >> ASA Firepower Configuration >> Policies >> Actions Alerts.

Step 2: Click the Create Alert drop-down menu and choose option Create Syslog Alert.

Step 3: Enter the following values for the Syslog server:
Host: Specify the IP address/hostname of Syslog server.
Port: Specify the port number of Syslog server.

Step 4: Click Store ASA FirePOWER Changes.