
Audit Records do not contain all required fields.


Overview

Finding ID: V-18763
Version: EMG2-840 Exch2K3
Rule ID: SV-20457r1_rule
IA Controls: ECAR-1
Severity: Low
Description
Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. This item declares the fields that must be available in audit log file records in order to adequately research events that are logged. Audit records should include the following fields to supply useful event accounting:
• Account
• Event Code and Type
• Success or Failure Indication
• Time/date
• Interface IP address
• Manufacturer-specific event name
• Source and destination IP addresses
• Source and destination port numbers
• Network Protocol

STIG: Microsoft Exchange Server 2003
Date: 2014-08-19

Details

Check Text (C-22478r1_chk)
Interview the e-mail administrator or IAO. Access the Exchange 2003 Server log files. Review log file examples.

Criteria: If E-mail audit records contain required events:
• Account
• Event Code and Type
• Success or Failure Indication
• Time/date
• Interface Internet Protocol (IP) address
• Manufacturer-specific event name
• Source and destination IP addresses
• Source and destination port numbers
• Network Protocol
This is not a finding.
Fix Text (F-19416r1_fix)
Ensure that E-mail audit records contain required fields, to the degree that Exchange 2003 is able to provide them.

Procedure: If logging levels are available that increase reported information, they should be used.
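
The review of log file examples in the Check Text can be partly automated for logs that declare their columns in a `#Fields:` header. The Python below is an added example, not part of the STIG or of any vendor tooling; the column names in REQUIRED and the sample log are constructed assumptions and must be adjusted to the log source under review. It separates columns that are never declared from columns that are declared but never populated.

```python
# Reviewer-supplied mapping from each required item to the log columns that
# must carry it. Column names are assumptions for a W3C-style log; adjust
# them to the log source under review.
REQUIRED = {
    "Account": ["cs-username"],
    "Event Code and Type": ["sc-status"],
    "Success or Failure Indication": ["sc-win32-status"],
    "Time/date": ["date", "time"],
    "Interface IP address": ["s-ip"],
    "Manufacturer-specific event name": ["cs-method"],
    "Source and destination IP addresses": ["c-ip", "s-ip"],
    "Source and destination port numbers": ["c-port", "s-port"],
    "Network Protocol": ["cs-version"],
}

# Constructed sample, not taken from a real server.
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time c-ip cs-username s-ip s-port cs-method sc-status sc-win32-status cs-version
2014-08-19 10:15:02 192.0.2.10 - 192.0.2.25 25 EHLO 250 0 -
2014-08-19 10:15:03 192.0.2.10 - 192.0.2.25 25 MAIL 250 0 -
"""

def audit_fields(log_text, required=REQUIRED):
    """Return {required item: 'ok' | 'empty' | 'missing'} for one log file."""
    columns, populated = [], set()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            columns = line.split()[1:]
        elif line and not line.startswith("#") and columns:
            for name, value in zip(columns, line.split()):
                if value != "-":
                    populated.add(name)
    result = {}
    for item, cols in required.items():
        if any(c not in columns for c in cols):
            result[item] = "missing"      # a needed column is never declared
        elif any(c not in populated for c in cols):
            result[item] = "empty"        # declared, but "-" in every record
        else:
            result[item] = "ok"
    return result

def findings(log_text, required=REQUIRED):
    """Required items not fully present; an empty list means not a finding."""
    return [i for i, s in audit_fields(log_text, required).items() if s != "ok"]

if __name__ == "__main__":
    for item, status in audit_fields(SAMPLE_LOG).items():
        print(f"{status:8} {item}")
```

An item reported as "empty" is the case the Fix Text addresses: the column exists, so a higher logging level or an enabled option may populate it.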