Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The firewall implementation application event logging function must reduce the likelihood of log record capacity being exceeded.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-37354 | SRG-NET-999999-FW-000184 | SV-49115r1_rule | Low |
| Description |
|---|
| Event logging is a key function of the firewall implementation. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured network element. It is imperative the firewall implementation be configured so that log record storage capacity will not become exhausted. Without this capability, the site could lose valuable data needed for investigating security incidents. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2013-04-24 |
Details
| Check Text ( C-45601r1_chk ) |
|---|
| Verify there is a mechanism controlling the spooling of the firewall application log data to a central log server. Verify spooling is configured to move the data from the event log to the central log before the firewall log capacity is exceeded. If the logging function is not configured to reduce the risk of exceeding log capacity, this is a finding. |
| Fix Text (F-42279r1_fix) |
|---|
| Configure the firewall implementation to spool the log data before data overflow occurs. |