
System does not halt once an event log has reached its maximum size.


Overview

Finding ID: V-1091
Version: 3.015
Rule ID: SV-1091r1_rule
IA Controls: ECRR-1
Severity: Low
Description
If the security log is full, it becomes possible for some events to not be logged. Selecting this option will halt the computer when the log is full to prevent losing any events. If the system halts as a result of a full log, an administrator must restart the system and reset the log. This work-stoppage event can be prevented, provided the IAO periodically archives the event logs.
STIG: Win2k3 Audit
Date: 2013-06-10

Details

Check Text ( None )
None
Fix Text (F-80r1_fix)
Create site procedures for identifying, in a timely manner, that the system has stopped writing to the event log, and for specifying the actions to take to preserve event log information and correct the problem.

OR

Configure servers to halt processing if there is an audit failure or an event log has filled up.