Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1091 | 3.015 | SV-1091r1_rule | ECRR-1 | Low |
Description |
---|
If the security log is full, it becomes possible for some events to not be logged. Selecting this option will halt the computer when the log is full to prevent losing any events. If the system halts as a result of a full log, an administrator must restart the system and reset the log. This work-stoppage event can be prevented, provided the IAO periodically archives the event logs. |
STIG | Date |
---|---|
Win2k3 Audit | 2013-06-10 |
Check Text ( None ) |
---|
None |
Fix Text (F-80r1_fix) |
---|
Create site procedures for identifying, in a timely manner, that the system has stopped writing to the event log, and specifying actions to take to preserve Event log information and correct the problem. OR Configure Servers to halt processing if there is an audit failure, or an event log has filled up. |