The firewall implementation must produce application log records containing sufficient information to establish where the events occurred.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-37348 | SRG-NET-999999-FW-000178 | SV-49109r1_rule | Medium |
| Description |
|---|
| Logging network location information for each detected event provides a means of investigating an attack, recognizing resource utilization or capacity thresholds, or identifying an improperly configured firewall. In order to establish and correlate the series of events leading up to an outage or attack, it is imperative the source or object of the log record is recorded in all log records. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2013-04-24 |
Details
| Check Text ( C-45595r1_chk ) |
|---|
| Examine the aggregated firewall application log on the management console. View entries for several alerts. Verify the events in the logs show the location of each event (e.g., network name, network subnet, network segment, or organization). If the firewall application log records do not include the event location, this is a finding. |
| Fix Text (F-42273r1_fix) |
|---|
| Configure the firewall implementation to capture the location of each event (e.g., network name, network subnet, network segment, or organization). |