Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IDPS must be configured to stop generating sensor log records or overwrite the oldest log records when a log failure occurs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34581 | SRG-NET-999999-IDPS-00225 | SV-45440r1_rule | Low |
| Description |
|---|
| Sensor event logging is a key component of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured IDPS. To preserve recent log information, if an audit failure occurs, the IDPS must either stop producing audit records to overwrite or purge the oldest records. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42789r1_chk ) |
|---|
| Verify the management console and sensors are set to either stop generating log records or overwrite the oldest log records when a log failure occurs. If the system is not configured to either stop generating log records or overwrite the oldest log records when a log failure occurs, this is a finding. |
| Fix Text (F-38837r1_fix) |
|---|
| Configure the IDPS components to either stop generating log records or overwrite the oldest log records when a sensor log failure occurs. |