The Juniper router must be configured to generate an alert for all audit failure events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-217333 | JUNI-ND-000990 | SV-217333r991991_rule | CCI-001858 | medium |
| Description | ||||
| It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less). | ||||
| STIG | Date | |||
| Juniper Router NDM Security Technical Implementation Guide | 2024-12-05 | |||
Details
Check Text (C-217333r991991_chk)
Review the router configuration to verify that it is compliant with this requirement as shown in the example below.
system {
syslog {
host x.x.x.x {
any critical;
}
}
Note: The parameter "critical" can be replaced with a lesser severity level (i.e., error, warning, notice, info).
If the router is not configured to generate an alert for all audit failure events, this is a finding.
Fix Text (F-18558r296578_fix)
Configure the router to send critical to emergency log messages to the syslog server as shown in the example below.
set syslog host x.x.x.x any critical
Note: The parameter "critical" can replaced with a lesser severity level (i.e., error, warning, notice, info).