E-mail Server "Circular Logging" is not set appropriately.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18705	EMG2-333 Exch2K3BE	SV-20350r1_rule	ECSC-1	Low

Description
Logging provides a history of events performed, and can also provide evidence of tampering or attack. Failure to create and preserve logs adds to the risk that suspicious events may go unnoticed, or the raise the potential that insufficient history will be available to investigate them. This setting controls how log files are written. If circular logging is enabled, there is one log file for this storage group with a maximum size of (for example, 5MB). Once the size limit has been reached, additional log entries begin overwriting the oldest log entries. If circular logging is disabled, once a log file reaches the size limit, a new log file is created. Back-End Servers should not use circular logging. Logs should be written to a partition separate from the operating system, with log protection and backups being incorporated into the overall System Security plan. Front-End Servers may opt to use circular logging, as message content is significantly less, and not of a critical nature.

Description

Logging provides a history of events performed, and can also provide evidence of tampering or attack. Failure to create and preserve logs adds to the risk that suspicious events may go unnoticed, or the raise the potential that insufficient history will be available to investigate them. This setting controls how log files are written. If circular logging is enabled, there is one log file for this storage group with a maximum size of (for example, 5MB). Once the size limit has been reached, additional log entries begin overwriting the oldest log entries. If circular logging is disabled, once a log file reaches the size limit, a new log file is created. Back-End Servers should not use circular logging. Logs should be written to a partition separate from the operating system, with log protection and backups being incorporated into the overall System Security plan. Front-End Servers may opt to use circular logging, as message content is significantly less, and not of a critical nature.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22423r1_chk )
Validate Logging configuration. Procedure: Exchange system Manager >> Administrative Groups >> [administrative group] >> servers >> [server] >> [storage group] >> Properties >> General tab The ‘Enable circular logging’ checkbox should be cleared. Criteria: If the 'Enable circular logging’ checkbox is cleared, this is not a finding.

Fix Text (F-19351r1_fix)
Configure E-mail servers’ circular logging to be disabled. Procedure: Exchange system Manager >> Administrative Groups >> [administrative group] >> servers >> [server] >> [storage group] >> Properties >> General tab Clear the ‘Enable circular logging’ checkbox.