Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-94679 | SYMP-NM-000140 | SV-104509r1_rule | Medium |
| Description |
|---|
| Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. |
| STIG | Date |
|---|---|
| Symantec ProxySG NDM Security Technical Implementation Guide | 2019-12-20 |
Details
| Check Text ( C-93869r1_chk ) |
|---|
| Verify event logging to a remote events collection server is configured in order to send event logs to a different system. 1. Log on to the Web Management Console. 2. Click Maintenance >> Event Logging >> Syslog. 3. Confirm that "Syslog" is "Enabled" and a syslog server is specified. If Symantec ProxySG does not back up event logs onto a different system or system component than the system or component being audited, this is a finding. |
| Fix Text (F-100797r1_fix) |
|---|
| Configure event logging to a remote events server to ensure that event logs are recorded on a different system. To configure Syslog: 1. Log on to the Web Management Console. 2. Click Maintenance >> Event Logging >> Syslog. 3. Enter the IP address or name of a syslog server, click "OK". 4. Repeat step 3 for any additional syslog servers. 5. Click "Apply". |