The Central Log Server must be configured with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts.

From Central Log Server Security Requirements Guide

Part of SRG-APP-000516-AU-000380

Associated with: CCI-000366

Rule ID: SRG-APP-000516-AU-000380_rule

Vulnerability discussion

This requirement supports prioritization functions, which are a major reason why centralized log management is required in DoD. Prioritization includes features that highlight important security events over less critical ones. This may be accomplished by correlating security events with vulnerability data or other asset information. Prioritization algorithms also often use the severity information supplied by the original log source, so the organization-defined level should be configured for each event in addition to, not instead of, the source-provided level.

Check content

Examine the configuration. Verify the Central Log Server is configured with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts. If the Central Log Server is not configured with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts, this is a finding.

Fix text

Configure the Central Log Server with the organization-defined severity or criticality levels of each event that is being sent from individual devices or hosts.
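As an added illustration (not part of the SRG text) of what "configured with the organization-defined severity or criticality levels of each event" looks like in practice, the script below applies a per-host, per-event-class severity policy to events arriving at a central log server, keeps the source-reported syslog severity alongside it for prioritization, and reports every (host, event class) pair the policy does not cover, which is the condition the check above treats as a finding. The hostnames, the policy values, the event-class patterns and the sample log lines are all constructed for this example.

```python
"""Added example: apply an organization-defined severity policy to events
received by a central log server and report gaps in policy coverage.
Hostnames, policy values and sample log lines are constructed."""
import re

# Constructed policy: for each source host, the organization-defined level of
# each event class. A real deployment would load this from the log server's
# configuration rather than hard-code it.
ORG_SEVERITY_POLICY = {
    "fw01.example.test": {"auth_failure": "high", "config_change": "critical"},
    "web01.example.test": {"auth_failure": "medium"},
}

# Ranking used for prioritization; lower number sorts first.
ORG_SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Syslog severity names indexed by the numeric severity in the PRI field.
SYSLOG_SEVERITY_NAMES = ["emerg", "alert", "crit", "err",
                         "warning", "notice", "info", "debug"]

# Constructed rules that map message text to an event class the policy knows.
EVENT_CLASS_PATTERNS = [
    ("auth_failure", re.compile(r"failed password|authentication failure", re.I)),
    ("config_change", re.compile(r"configuration (committed|changed)", re.I)),
]

# <PRI>Mmm dd HH:MM:SS host message  (BSD syslog layout)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$")


def classify(msg):
    """Return the event class for a message, or 'unclassified' if no rule matches."""
    for name, pattern in EVENT_CLASS_PATTERNS:
        if pattern.search(msg):
            return name
    return "unclassified"


def parse_syslog(line):
    """Return a dict for a well-formed line, or None for lines that do not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility (0-23) * 8 + severity (0-7) caps PRI at 191
        return None
    return {
        "host": m.group("host"),
        "facility": pri // 8,
        "severity": pri % 8,                      # severity supplied by the source
        "severity_name": SYSLOG_SEVERITY_NAMES[pri % 8],
        "event_class": classify(m.group("msg")),
        "msg": m.group("msg"),
    }


def enrich(event, policy=ORG_SEVERITY_POLICY):
    """Attach the organization-defined level; None means the policy has a gap."""
    event["org_severity"] = policy.get(event["host"], {}).get(event["event_class"])
    return event


def process(lines, policy=ORG_SEVERITY_POLICY):
    """Parse and enrich every line; return the events (in arrival order) and the
    sorted list of (host, event_class) pairs with no organization-defined level."""
    events, gaps = [], set()
    for line in lines:
        event = parse_syslog(line)
        if event is None:
            continue
        enrich(event, policy)
        if event["org_severity"] is None:
            gaps.add((event["host"], event["event_class"]))
        events.append(event)
    return events, sorted(gaps)


def prioritize(events):
    """Order by organization-defined level, then by source severity; events the
    policy does not cover sort last so the gap stays visible to analysts."""
    return sorted(events, key=lambda e: (ORG_SEVERITY_RANK.get(e["org_severity"], 99),
                                         e["severity"]))


# Constructed sample input (RFC 5737 documentation address range).
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 fw01.example.test sshd[1234]: Failed password for user admin from 203.0.113.5",
    "<85>Oct 11 22:15:01 fw01.example.test confd[77]: configuration committed by operator",
    "<38>Oct 11 22:16:30 web01.example.test sshd[999]: Failed password for user www",
    "<30>Oct 11 22:17:00 db01.example.test app[1]: authentication failure for user report",
]

if __name__ == "__main__":
    evts, policy_gaps = process(SAMPLE_LINES)
    for e in prioritize(evts):
        print(e["org_severity"], e["severity_name"], e["host"], e["event_class"])
    print("policy gaps (finding if non-empty):", policy_gaps)
```

Running the script lists the four sample events in priority order and reports one gap, `db01.example.test` / `auth_failure`, because that host has no organization-defined level; an empty gap list is the state the fix text asks for. Keeping the source-reported severity on each event is deliberate: the vulnerability discussion notes that prioritization algorithms use it as well, so the organization-defined level supplements rather than overwrites it.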
