The application server must, at a minimum, transfer the logs of interconnected systems in real time, and transfer the logs of standalone systems weekly.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Protecting log data is important during a forensic investigation to ensure investigators can track and understand what may have occurred. Off-loading should be set up as a scheduled task but can be configured to be run manually, if other processes during the off-loading are manual. Off-loading is a common process in information systems with limited log storage capacity.
Configure the application server to off-load the logs of interconnected systems in real time and the logs of standalone systems weekly.
Verify that log records are being off-loaded, at a minimum, in real time for interconnected systems and weekly for standalone systems. If the application server is not meeting these requirements, this is a finding.
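One way to automate the verification step above, as an added example that is not part of the original requirement text: run on the host that receives the off-loaded logs, it takes the newest non-empty file under the destination directory as evidence of the last transfer and compares its age with the interval for the system type. The function names, the directory argument and the 300-second stand-in for "real time" are assumptions; the requirement gives no numeric bound.

```python
import os
import sys
import time

WEEK_SECONDS = 7 * 24 * 3600
# Assumption: "real time" has no numeric bound in the requirement; 300 s is a placeholder.
REALTIME_LAG_SECONDS = 300

MAX_AGE = {"interconnected": REALTIME_LAG_SECONDS, "standalone": WEEK_SECONDS}


def newest_offload(archive_dir):
    """Return the mtime of the newest non-empty file under archive_dir, or None."""
    newest = None
    for root, _dirs, files in os.walk(archive_dir):
        for name in files:
            try:
                st = os.stat(os.path.join(root, name))
            except OSError:
                continue  # broken symlink or file rotated away mid-scan
            if st.st_size == 0:
                continue  # an empty file is not evidence that records arrived
            if newest is None or st.st_mtime > newest:
                newest = st.st_mtime
    return newest


def check_offload(archive_dir, system_type, now=None):
    """Return (finding, age_seconds); age_seconds is None when nothing was off-loaded."""
    limit = MAX_AGE[system_type]  # KeyError on an unknown system type is deliberate
    now = time.time() if now is None else now
    newest = newest_offload(archive_dir)
    if newest is None:
        return True, None  # no off-loaded records at all is a finding
    age = max(0.0, now - newest)  # clamp small clock skew between hosts
    return age > limit, age


if __name__ == "__main__":
    # Usage: script.py <offload destination dir> <interconnected|standalone>
    finding, age = check_offload(sys.argv[1], sys.argv[2])
    detail = "no off-loaded records found" if age is None else f"newest record is {age:.0f}s old"
    print(("FINDING: " if finding else "OK: ") + detail)
    sys.exit(1 if finding else 0)
```

If the transfer tool preserves the source file's modification time, the age reflects when the log was last written on the application server, not when it arrived, so confirm how the destination sets timestamps before relying on the result.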