Free DISA STIG and SRG Library | Vaulted

V-81113

The Central Log Server log records must be configured to use the syslog protocol or another industry standard format (e.g., Windows event protocol) that can be used by typical analysis tools.

Finding ID
SRG-APP-000088-AU-000040
Rule ID
SV-95827r1_rule
Severity
Cat III
CCE
(None)
Group Title
SRG-APP-000088-AU-000040
CCI
CCI-001353
Target Key
(None)
Documentable
No
Discussion

Without a standardized format for log records, the ability to perform forensic analysis may be more difficult. Standardization facilitates production of event information that can be more readily analyzed and correlated. Log information that is normalized to common standards promotes interoperability and exchange of such information between dissimilar devices and information systems. If logging mechanisms within applications that send records to the centralized audit system do not conform to standardized formats, the audit system may convert the records into a standardized format when compiling system-wide audit trails. Thus, although the application and other system components should send the information in a standardized format, ultimately the audit aggregation server is responsible for ensuring the records are compiled to meet this requirement.

Fix Text

Configure the Central Log Server log records to use the syslog protocol or another industry standard format (e.g., Windows event protocol) that can be used by typical analysis tools.

Check Content

Examine the configuration. Verify log records are configured to use the syslog protocol or another industry standard format (e.g., Windows event protocol) that can be used by a typical analysis tools. If the Central Log Server log records are not configured to use the syslog protocol or another industry standard format (e.g., Windows event protocol) that can be used by typical analysis tools, this is a finding.