Rule ID
SV-284537r1244947_rule
Version
V1R1
CCIs
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Satisfies: SRG-APP-000516-NDM-000350
1. In the Web UI, navigate to System >> Log/Monitoring >> Events >> Settings. 2. Verify "Select Events to Log" is configured to log all items. 3. Verify "Syslog Servers" is configured with a remote syslog server name/IP address. 4. Verify "TSL" is selected. If events access log audit records are not configured to be sent to a remote centralized syslog server, this is a finding.
1. In the Web UI, navigate to System >> Log/Monitoring >> User Access >> Settings. 2. Under "Select Events to Log", check all items. 3. Under "syslog Servers" add an IP address/server name/IP. 4. Set the facility to "LOCAL0". 5. Set type to "TLS". 6. Optionally, if only a client certificate is required for the syslog server, select the client certificate to use for the syslog traffic. If none exists, import the DoW-signed client key pair to the Policy Secure under System >> Configuration >> Certificates >> Client Auth Certificates. 7. Set the standard filer. 8. Set the source interface as either the management or internal interface. 9. Click "Add". 10. Click "Save Changes".