UCF STIG Viewer Logo

Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent.


Overview

Finding ID Version Rule ID IA Controls Severity
V-94669 SYMP-NM-000090 SV-104499r1_rule Low
Description
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without an alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Alerts provide organizations with urgent messages.
STIG Date
Symantec ProxySG NDM Security Technical Implementation Guide 2019-12-20

Details

Check Text ( C-93859r1_chk )
Verify the Symantec ProxySG is configured to send alerts when event logging fails.

1. Log on to the Web Management Console.
2. Click Maintenance >> Events Logging.
3. Confirm that "Severe" is checked.
4. Select the "Mail" tab and confirm an email address of an administrator is entered.

If Symantec ProxySG does not generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent, this is a finding.
Fix Text (F-100787r1_fix)
Configure the ProxySG to send notifications.

1. Log on to the Web Management Console.
2. Click Maintenance >> Events Logging.
3. Select "Severe".
4. Select the "Mail" tab and enter the email address to receive the email alert.
5. Click "Apply".