The Central Log Server must be configured to off-load log records onto a different system or media than the system being audited.

From Central Log Server Security Requirements Guide

Associated with: CCI-001851

SRG-APP-000358-AU-000100_rule The Central Log Server must be configured to off-load log records onto a different system or media than the system being audited.

Vulnerability discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.Off-loading is a common process in information systems with limited audit storage capacity. Although this may be part of the operating system function, for the enterprise events management system, this is most often a function managed through the application since it is a critical function and requires the use of a large amount of external storage.

Check content

Note: This is not applicable (NA) if an external application or operating system manages this function. Examine the configuration. Verify the system is configured to off-load log records onto a different system or media than the system being audited. If the Central Log Server is not configured to off-load log records onto a different system or media than the system being audited, this is a finding.

Fix text

Configure the Central Log Server to off-load log records onto a different system or media than the system being audited.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.