UCF STIG Viewer Logo

Syslog messages must be retained for a minimum of 30 days online and then stored offline for one year.


Overview

Finding ID Version Rule ID IA Controls Severity
V-66351 NET1026 SV-80841r1_rule Low
Description
Logging is a critical part of router security. Maintaining an audit trail of system activity logs (syslog) can help identify configuration errors, understand past intrusions, troubleshoot service disruptions, and react to probes and scans of the network.
STIG Date
Network Infrastructure Policy Security Technical Implementation Guide 2019-12-10

Details

Check Text ( C-66997r1_chk )
Examine the syslog server to verify that it is configured to store messages for at least 30 days. Have the administrator show you the syslog files stored offline for one year.

If the syslog messages are not kept online for thirty days and offline for one year, this is a finding.
Fix Text (F-72427r1_fix)
Configure the syslog server to store messages for at least 30 days on-line. The administrator must establish a strategy for storing the logs off-line for minimum of 1 year.