The Central Log Server must be configured to off-load interconnected systems in real time and off-load standalone systems weekly, at a minimum.

From Central Log Server Security Requirements Guide

Associated with: CCI-001851

SV-95891r1_rule The Central Log Server must be configured to off-load interconnected systems in real time and off-load standalone systems weekly, at a minimum.

Vulnerability discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.Off-loading is a common process in information systems with limited audit storage capacity. Although this may be part of the operating system function, for the enterprise events management system, this is most often a function managed through the application since it is a critical function and requires the use of a large amount of external storage.

Check content

Note: This is not applicable (NA) if an external application or operating system manages this function. Examine the configuration. Verify the system is configured to off-load interconnected systems in real time and off-load standalone systems weekly, at a minimum. If the Central Log Server is not configured to off-load interconnected systems in real time and off-load standalone systems weekly, at a minimum, this is a finding.

Fix text

Configure the Central Log Server to off-load interconnected systems in real time and off-load standalone systems weekly, at a minimum.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.