The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-229005 | F5BI-DM-000193 | SV-229005r557520_rule | Low |
| Description |
|---|
| If security personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for storage capacity expansion. This could lead to the loss of audit information. Note that while the network device must generate the alert, notification may be done by a management server. |
| STIG | Date |
|---|---|
| F5 BIG-IP Device Management 11.x Security Technical Implementation Guide | 2020-09-28 |
Details
| Check Text ( C-31320r518059_chk ) |
|---|
| Verify the BIG-IP appliance is configured to use a properly configured syslog server that generates an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. Navigate to the BIG-IP System manager >> System >> Logs >> Configuration >> Remote Logging. Verify a syslog destination is configured that generates an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. If an immediate alert is not generated when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity, this is a finding. |
| Fix Text (F-31297r518060_fix) |
|---|
| Configure the BIG-IP appliance to use a properly configured syslog server to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. |