1.10.12 Ensure email logging is configured for critical to emergency

Information

Enables logs to be sent to an email recipient for critical to emergency logs' severity levels

Rationale:

In some cases, the notifications of the Syslog server or the NMS system can be delayed by the time taken to process the logs and build the reports. Some system's events require an immediate intervention of the administrator and it in this case, the logs generated should be directly sent to the administrator email address.

Solution

* Step 1: Run the following to enable email logging for logs with severity level from critical and above (critical, alert and emergency)

HOSTNAME(CONFIG)#LOGGING MAIL CRITICAL

* Step 2: Obtain from the mail server administrator to create an firewall email account <firewall_email_account> and run the following to enable the account as email source address in the firewall

HOSTNAME(CONFIG)#LOGGING FROM-ADDRESS _<firewall_email_account>_

* Step 3: Acquire the firewall administrator email account <firewall_admin_email> and run the following for the security appliance to send logs to its administrator email account

HOSTNAME(CONFIG)#LOGGING RECIPIENT-ADDRESS _<firewall_admin_email>_

* Step 4: Obtain from the mail server administrator the mail server IP address <mail_server_ip> and run the following to configure it in the firewall

HOSTNAME(CONFIG)#SMTP-SERVER _<mail_server_ip>_

See Also

https://workbench.cisecurity.org/files/1903

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, CSCv7|11.1

Plugin: Cisco

Control ID: 7ad4a7bb1eb2138eaf489badbe82bbd601bee5b1c132ac62ed1de87e4e47e368