UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall must be configured to send traffic log entries to a central audit server for management and configuration of the traffic log entries.


Overview

Finding ID Version Rule ID IA Controls Severity
V-79445 SRG-NET-000333-FW-000014 SV-94151r1_rule Medium
Description
Without the ability to centrally manage the content captured in the traffic log entries, identification, troubleshooting, and correlation of suspicious behavior would be difficult and could lead to a delayed or incomplete analysis of an ongoing attack. The DoD requires centralized management of all network component audit record content. Network components requiring centralized traffic log management must have the ability to support centralized management. The content captured in traffic log entries must be managed from a central location (necessitating automation). Centralized management of traffic log records and logs provides for efficiency in maintenance and management of records, as well as the backup and archiving of those records. Ensure at least one syslog server is configured on the firewall. If the product inherently has the ability to store log records locally, the local log must also be secured. However, this requirement is not met since it calls for a use of a central audit server.
STIG Date
Firewall Security Requirements Guide 2018-03-21

Details

Check Text ( C-79059r1_chk )
Examine the traffic log configuration on the firewall.

Verify the firewall is configured to send traffic log entries to the organization's central audit server.

If the firewall is not configured to send traffic log entries to the organization's central audit server, this is a finding.
Fix Text (F-86217r1_fix)
Configure the firewall to ensure traffic log entries are transmitted to the organization's central audit server (e.g., syslog server).