Verify CounterACT off-loads audit records onto a centralized log server in real time.
1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> Plugins >> Syslog.
3. Verify a Syslog server is configured in the "Send To" tab.
4. On the Events Filtering tab, verify all radio buttons associated with NAC Events, Threat Protection, System Logs, User Operations, and Operating systems messages are selected.
If CounterACT does not off-load onto a centralized log server in real time, this is a finding.