The firewall implementation must produce application event log records containing sufficient information to establish when the events occurred.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-37347 | SRG-NET-999999-FW-000177 | SV-49108r1_rule | Medium |
| Description |
|---|
| Logging the date and time of each detected event provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or identify an improperly configured firewall. In order to establish and correlate the series of events leading up to an outage or attack, it is imperative the date and time are recorded in all log records. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2013-04-24 |
Details
| Check Text ( C-45594r1_chk ) |
|---|
| Examine the aggregated firewall application event log on the management console. View entries for several alerts. Verify the events being captured in the application logs include the date and time of each event. If the firewall application log does not include the date and time the events occurred, this is a finding. |
| Fix Text (F-42272r1_fix) |
|---|
| Configure the firewall application log, so entries in the logs include the date and time of the event. |