Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000083-IDPS-000079 | SRG-NET-000083-IDPS-000079 | SRG-NET-000083-IDPS-000079_rule | | Medium |
Description |
---|
The IDPS logging facility must be configured to reduce the likelihood of log record capacity being exceeded. Events on the sensor are typically stored in a large events log, which can hold several days of logging events under normal conditions. However, the monitoring application must retrieve events from the sensor before the queue becomes full; otherwise the sensor will start overwriting the unread events and valuable information may be lost. |
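The loss mechanism described above, as an added illustration that is not part of the SRG record: a constructed Python model of a fixed-capacity sensor events log in which unread entries are overwritten once the log is full, with and without a spooler that drains the log at a fill threshold (class and function names are assumed for this example).

```python
"""Constructed model of an IDPS sensor events log with fixed capacity.

Not from the SRG. The log is a ring buffer: when full, each new event
overwrites the oldest entry, and any overwritten entry that the monitoring
application has not yet retrieved is lost. Spooling at a fill threshold
keeps the log from ever reaching that state.
"""
from collections import deque
from typing import List, Optional, Tuple


class SensorEventLog:
    """Fixed-capacity events log; oldest entries are overwritten when full."""

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity
        self._events = deque()  # unread events, oldest first
        self.lost = 0           # unread events overwritten so far

    def record(self, event: str) -> None:
        if len(self._events) == self.capacity:
            self._events.popleft()  # sensor overwrites the oldest unread entry
            self.lost += 1
        self._events.append(event)

    def fill_ratio(self) -> float:
        return len(self._events) / self.capacity

    def spool(self) -> List[str]:
        """Move all unread events off the sensor (to the management network)."""
        drained = list(self._events)
        self._events.clear()
        return drained


def run_sensor(n_events: int, capacity: int,
               spool_at: Optional[float]) -> Tuple[int, int]:
    """Feed n_events into the log, spooling whenever fill_ratio >= spool_at.

    spool_at=None models a sensor with no spooling mechanism configured.
    Returns (events delivered to the monitoring application, events lost).
    """
    log = SensorEventLog(capacity)
    delivered: List[str] = []
    for i in range(n_events):
        log.record(f"event-{i}")  # constructed sample event
        if spool_at is not None and log.fill_ratio() >= spool_at:
            delivered.extend(log.spool())
    delivered.extend(log.spool())  # final retrieval at end of the run
    return len(delivered), log.lost
```

With a 100-entry log and 1000 events, spooling at 80% fill delivers all 1000 events with none lost, while the unspooled sensor retains only the last 100 and silently overwrites the other 900.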
STIG | Date |
---|---|
IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Check Text (C-43207_chk) |
---|
Verify the mechanism controlling the spooling of IDPS data is in place to move the data to the site's management network. If sensors are not configured to spool the events log before a log overflow occurs, this is a finding. |
Fix Text (F-43207_fix) |
---|
Configure the IDPS sensor to spool the sensor events log before data overflow occurs. |