The Central Log Server must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage.

From Central Log Server Security Requirements Guide

Part of SRG-APP-000086-AU-000020

Associated with: CCI-000174

SRG-APP-000086-AU-000020_rule The Central Log Server must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage.

Vulnerability discussion

If the application is not configured to collate records based on the time when the events occurred, the ability to perform forensic analysis and investigations across multiple components is significantly degraded. Centralized log aggregation must also include logs from databases and servers (e.g., Windows) that do not natively send logs using the syslog protocol.

Check content

Examine the documentation that lists the scope of coverage for the specific log server being reviewed. Verify the system is configured to aggregate log records from organization-defined devices and hosts within its scope of coverage. If the Central Log Server is not configured to aggregate log records from organization-defined devices and hosts within its scope of coverage, this is a finding.

Fix text

For each log server, configure the server to aggregate log records from organization-defined devices and hosts within its scope of coverage.
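One way to carry out the check and fix above in practice is to compare the documented scope of coverage against what the log server actually holds: every in-scope host must have recent records, non-syslog sources (Windows, databases) included, and records from all sources must collate by event time. The following is an added example, not part of the SRG; the hostnames, transports, record format and 24-hour silence window are constructed assumptions.

```python
"""Coverage check for a central log server (added example, not from the SRG; all names and records are constructed)."""
from datetime import datetime, timedelta, timezone

# Constructed scope-of-coverage document: host -> how its records arrive.
# Non-syslog sources (Windows, databases) need an agent or forwarder.
SCOPE = {
    "fw01.example.test": "syslog",
    "dc01.example.test": "windows-event-forwarder",
    "db01.example.test": "db-audit-agent",
    "web01.example.test": "syslog",
}

# Constructed sample of aggregated records: (event time UTC, host, message).
RECORDS = [
    ("2024-05-01T12:00:05Z", "fw01.example.test", "accept tcp 10.0.0.5:443"),
    ("2024-05-01T12:00:07Z", "web01.example.test", "GET /index.html 200"),
    ("2024-05-01T11:59:58Z", "dc01.example.test", "EventID 4624 logon"),
    ("2024-05-01T12:00:01Z", "unknownbox.example.test", "heartbeat"),
    ("2024-04-29T09:00:00Z", "db01.example.test", "AUDIT: SELECT on payroll"),
]

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def collate(records):
    """Order records from every source by event time, not arrival order,
    so a cross-component investigation reads as a single timeline."""
    return sorted(records, key=lambda r: parse_ts(r[0]))

def coverage_report(scope, records, now, max_silence=timedelta(hours=24)):
    """Return (gaps, unexpected): in-scope hosts with no record inside
    max_silence (a finding), and hosts seen that the scope does not list."""
    last_seen = {}
    for ts, host, _msg in records:
        t = parse_ts(ts)
        if host not in last_seen or t > last_seen[host]:
            last_seen[host] = t
    gaps = {}
    for host, transport in scope.items():
        seen = last_seen.get(host)
        if seen is None or now - seen > max_silence:
            gaps[host] = (transport, seen)
    return gaps, sorted(set(last_seen) - set(scope))

if __name__ == "__main__":
    gaps, unexpected = coverage_report(SCOPE, RECORDS, parse_ts("2024-05-01T12:00:10Z"))
    for host, (transport, seen) in sorted(gaps.items()):
        print(f"FINDING: {host} ({transport}) last record: {seen or 'never'}")
    for host in unexpected:
        print(f"NOTE: {host} sends records but is not in the documented scope")
```

A host reported under FINDING is the condition the check content describes; a host under NOTE means the scope-of-coverage document itself is out of date and should be reconciled.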
