The HP FlexFabric Switch must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-66197 | HFFS-ND-000042 | SV-80687r1_rule | Low |
| Description |
|---|
| Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. |
| STIG | Date |
|---|---|
| HP FlexFabric Switch NDM Security Technical Implementation Guide | 2019-09-27 |
Details
| Check Text ( C-66843r1_chk ) |
|---|
| Determine if the HP FlexFabric Switch is configured to use an external syslog server: [HP] display info-center Information Center: Enabled Console: Enabled Monitor: Enabled Log host: Enabled Source address interface: M-GigabitEthernet0/0/0 192.168.100.12, port number: 514, host facility: local7 Log buffer: Enabled Max buffer size 1024, current buffer size 512 Current messages 356, dropped messages 0, overwritten messages 0 Log file: Enabled Security log file: Enabled Information timestamp format: Log host: Date Other output destination: Date If the HP FlexFabric Switch is not configure to use an external syslog server, this is a finding. |
| Fix Text (F-72273r1_fix) |
|---|
| Configure the HP FlexFabric Switch to forward its log to an external syslog server: [HP] info-center loghost 192.168.100.12 |