The IDPS must provide a log reduction capability for the sensor events log.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34577 | SRG-NET-999999-IDPS-00227 | SV-45434r1_rule | Low |
| Description |
|---|
| Log reduction is the capability of a system to consolidate, archive and compress audit logs. This process saves space when saving these logs over a long time period. Log entries must not be removed from the log in order to reduce the size; however, the file may be compressed. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42783r1_chk ) |
|---|
| Verify the management console has the capability to consolidate, archive and/or compress sensor event logs. Verify this log reduction capability is enabled. If the management console does not have sensor log reduction enabled, this is a finding. |
| Fix Text (F-38831r1_fix) |
|---|
| Enable log reduction on the management console for sensor log storage. |