6.5 Ensure that Remote Syslog Servers are configured

Information

To ensure that logs are sent to external servers

Rationale:

Impact:

In case of hardware failure , logs stored locally can be lost. This impacts the ability of investigating security incidents and be in compliance with the requirements of logs retention period .

Solution

1-Log in to the Configuration utility.

2-Go to System > Logs > Configuration > Remote Logging.

3-For Remote IP, enter the destination syslog server IP address, or FQDN. (DNS server configuration required)

4-For Remote Port, enter the remote syslog server UDP port (default is 514).

5-Select Add.

6-Select Update.

See Also

https://workbench.cisecurity.org/files/3587

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-6(3), CSCv7|6.5

Plugin: F5

Control ID: cb6234488d1ea887a41da8bcdcda1c5145753440c3a5280d4d9bbfe4c11b231d