UCF STIG Viewer Logo

Audit record parameters must be set.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33617 Exch-2-833 SV-44037r2_rule ECSC-1 Low
Description
Log files help establish a history of activities, and can be useful in detecting attack attempts. This item declares the fields that must be available in the audit log file in order to adequately research events that are logged. Audit records should include the following fields to supply useful event accounting: Object modified, Cmdlet name, Cmdlet parameters, Modified parameters, Caller, Succeeded, and Originating server.
STIG Date
Exchange 2010 Mailbox Server STIG 2014-03-11

Details

Check Text ( C-41724r1_chk )
Open the Exchange Management Shell and enter the following command:

Get-AdminAuditLogConfig | Select AdminAuditLogParameters

If the value of 'AdminAuditLogParameters' is not set to '{*}', this is a finding.

Note: The value of {*} indicates all parameters are being audited.
Fix Text (F-37509r1_fix)
Open the Exchange Management Shell and enter the following command:

Set-AdminAuditLogConfig -AdminAuditLogParameters *