
Network device logs must include source IP, destination IP, port, protocol used and action taken.


Overview

Finding ID: V-25891
Version: NET1289
Rule ID: SV-32504r2_rule
IA Controls: ECSC-1, ECTB-1
Severity: Low
Description
The network device logs can be used for forensic analysis in support of an incident, as well as to aid with normal traffic analysis.
STIG: Firewall Security Technical Implementation Guide
Date: 2017-12-07

Details

Check Text (C-32809r3_chk)
Review the active logs and verify the source IP, destination IP, port, protocol used and action taken are recorded fields in the event record.

If logs do not include the source IP, destination IP, port, or protocol, this is a finding.
Fix Text (F-28929r1_fix)
Ensure the firewall logs include the source IP, destination IP, port, protocol used and action taken.
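
One way to automate the log review in the check text, as an added example that is not part of the STIG: it scans exported records for the five fields the reviewer is asked to verify and reports which are absent or malformed. The key=value layout, the key names (src, dst, dport, proto, action) and the sample records are assumptions constructed for illustration; map them to the format your firewall actually emits.

```python
import ipaddress
import re

# Required fields from the check text, mapped to the key names used in the
# constructed sample format below (assumed names, not a vendor's schema).
REQUIRED = {"source IP": "src", "destination IP": "dst", "port": "dport",
            "protocol": "proto", "action taken": "action"}
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _is_port(value):
    return value.isdecimal() and 0 <= int(value) <= 65535


# A field that is present but unparseable (e.g. dst=-) is useless for
# forensics, so it is reported the same way as a missing one.
VALIDATORS = {"src": _is_ip, "dst": _is_ip, "dport": _is_port}


def missing_fields(line):
    """Return the required fields absent or malformed in one log record."""
    record = {k: v.strip('"') for k, v in KV.findall(line)}
    missing = []
    for label, key in REQUIRED.items():
        value = record.get(key, "")
        if not value or not VALIDATORS.get(key, lambda v: True)(value):
            missing.append(label)
    return missing


def audit(lines):
    """Map 1-based record number -> missing fields, for failing records only."""
    return {n: m for n, line in enumerate(lines, 1) if (m := missing_fields(line))}


# Constructed sample records, not output from any real device.
SAMPLE = [
    "2017-12-07T10:00:01Z fw01 action=deny proto=tcp src=192.0.2.10 dst=198.51.100.5 dport=22",
    "2017-12-07T10:00:02Z fw01 action=allow proto=udp src=192.0.2.11 dst=198.51.100.5",
    "2017-12-07T10:00:03Z fw01 proto=tcp src=192.0.2.12 dst=- dport=443",
]

if __name__ == "__main__":
    for n, fields in audit(SAMPLE).items():
        print(f"record {n}: missing {', '.join(fields)}")
```

Records for protocols without ports (such as ICMP) will be reported as missing the port field under these assumptions and need to be judged by the reviewer.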