The BIG-IP appliance must be configured to back up audit records at least every seven (7) days onto a different system or system component than the system or component being audited.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-60135	F5BI-DM-000085	SV-74565r1_rule		Low

Description
Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.

Description

Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.

STIG	Date
F5 BIG-IP Device Management 11.x Security Technical Implementation Guide	2019-10-01

Details

Check Text ( C-60961r1_chk )
Verify the BIG-IP appliance is configured to off-load logs to a remote syslog server that backs up audit records at least every seven (7) days onto a different system or system component than the system or component being audited. Navigate to the BIG-IP System manager >> System >> Logs >> Configuration >> Remote Logging. Verify a syslog destination is configured that backs up audit records at least every seven (7) days onto a different system or system component than the system or component being audited. If the BIG-IP appliance is not configured to off-load logs to a remote syslog server that backs up audit records at least every seven (7) days onto a different system or system component than the system or component being audited, this is a finding.

Check Text ( C-60961r1_chk )

Verify the BIG-IP appliance is configured to off-load logs to a remote syslog server that backs up audit records at least every seven (7) days onto a different system or system component than the system or component being audited.

Navigate to the BIG-IP System manager >> System >> Logs >> Configuration >> Remote Logging.

Verify a syslog destination is configured that backs up audit records at least every seven (7) days onto a different system or system component than the system or component being audited.

If the BIG-IP appliance is not configured to off-load logs to a remote syslog server that backs up audit records at least every seven (7) days onto a different system or system component than the system or component being audited, this is a finding.

Fix Text (F-65693r1_fix)
Configure the BIG-IP appliance to off-load logs to a remote syslog server to back up audit records at least every seven days onto a different system or system component than the system or component being audited.