
The firewall implementation must support centralized management and configuration of the content to be captured in log records.


Overview

Finding ID: SRG-NET-000333-FW-000213
Version: SRG-NET-000333-FW-000213
Rule ID: SRG-NET-000333-FW-000213_rule
IA Controls: (none listed)
Severity: Medium
Description
Without the ability to centrally manage the content captured in the log records, identification, troubleshooting, and correlation of suspicious behavior would be difficult and could lead to a delayed or incomplete analysis of an attack. Centralized management and storage of log records increase efficiency in the maintenance and management of records and facilitate the backup and archiving of those records. Network elements such as firewalls and components with Access Control Lists must have the capability to support centralized logging. They must be configured to send log messages to centralized, redundant servers and be capable of being remotely configured to change logging parameters (such as facility and severity levels).
STIG: Firewall Security Requirements Guide
Date: 2014-07-07

Details

Check Text (C-SRG-NET-000333-FW-000213_chk)
Review the configuration of the firewall implementation. If the firewall implementation is not configured to send log messages to the log servers, this is a finding.
Fix Text (F-SRG-NET-000333-FW-000213_fix)
Configure the firewall implementation to send log messages to the log servers.