The system must generate an audit event when the audit log reaches a percentage of full threshold.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-4108	WN12-SO-000049	SV-52923r1_rule	ECRR-1	Low

Description
When the audit log reaches a given percent full, an audit event is written to the security log. It is recorded as a successful audit event under the category of System. This option may be especially useful if the audit logs are set to be cleared manually.

STIG	Date
Windows Server 2012 / 2012 R2 Domain Controller Security Technical Implementation Guide	2014-07-09

Details

Check Text ( None )
None

Fix Text (F-45849r2_fix)
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" to "90" or less. (See "Updating the Windows Security Options File" in the STIG Overview document if MSS settings are not visible in the system's policy tools.)

Fix Text (F-45849r2_fix)

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" to "90" or less.

(See "Updating the Windows Security Options File" in the STIG Overview document if MSS settings are not visible in the system's policy tools.)