UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Symantec ProxySG must use a centralized log server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-94257 SYMP-AG-000210 SV-104211r1_rule Medium
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. This does not apply to audit logs generated on behalf of the device itself (management).
STIG Date
Symantec ProxySG ALG Security Technical Implementation Guide 2020-03-27

Details

Check Text ( C-93443r1_chk )
Determine whether audit log off-loading is configured.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Access Logging >> Logs.
3. Click "Upload Client" and Verify that a "Client type" is specified. All client types use TCP for communication to the target server (FTP/S, HTTP/S, Kafka, etc.).

If Symantec ProxySG does not use a centralized log server, this is a finding.
Fix Text (F-100373r1_fix)
Configure audit log off-loading.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Access Logging >> Logs.
3. Configure the "Upload Client" and "Upload Schedule" capabilities. (All client types use TCP for communication to the site's event server.)