Event log sizes do not meet minimum requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-1118 | 5.002 | SV-29487r1_rule | ECRR-1 | Medium |
| Description |
|---|
| Inadequate log size will cause the log to fill up quickly and require frequent clearing by administrative personnel. |
| STIG | Date |
|---|---|
| Windows 2003 Member Server Security Technical Implementation Guide | 2014-01-07 |
Details
| Check Text ( C-509r1_chk ) |
|---|
| Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Event Log -> Settings for Event Logs. If the value for “Maximum application log size” is not set to a minimum of “16384 kilobytes”, then this is a finding. If the value for “Maximum security log size” is not set to a minimum of “81920 kilobytes”, then this is a finding. If the value for “Maximum system log size” is not set to a minimum of “16384 kilobytes”, then this is a finding. Documentable Explanation: If the machine is configured to write an event log directly to an audit server, the “Maximum log size” for that log does not have to conform to the requirements above. This should be documented with the IAO. Note: Microsoft recommends that the combined size of all the event logs (including DNS logs, Directory Services logs, and Replication logs on Servers or Domain Controllers) should not exceed 300 megabytes. Exceeding the recommended value can impact performance. |
| Fix Text (F-5808r1_fix) |
|---|
| Configure the system to have the required minimum Event log sizes. |