FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited.

Information

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.

Offloading is a common process in information systems with limited audit storage capacity.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Log in via the GUI with super-admin privileges.

1. Click Log and Report.
2. Click Log Settings.

To add a FortiAnalyzer:
- Under Remote Logging and Archiving, enable logging to FortiAnalyzer and provide the IP address.

To add a Syslog server:
- Under Remote Logging and Archiving, enable Send logs to Syslog and provide the IP address.

3. Apply changes.

or

1. Open a CLI console via SSH or from the 'CLI Console' button in the GUI.

2. Configure a FortiAnalyzer or Syslog server with the following commands:

FortiAnalyzer:
# config log fortianalyzer setting
# set status enable
# set server {IP Address}
# set upload-option realtime
# end

Syslog:
# config log syslogd setting
# set status enable
# set server {IP Address}
# set mode reliable
# end
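
To confirm the result offline, the settings above can be checked against a saved copy of the device configuration. The script below is an added example, not part of the STIG or of Tenable's audit. It assumes that one destination matching the Solution values is enough to pass; the function names and the sample configuration are constructed for illustration.

```python
# Values taken from the Solution text above; a destination must match all of them.
REQUIRED = {
    "log fortianalyzer setting": {"status": "enable", "upload-option": "realtime"},
    "log syslogd setting": {"status": "enable", "mode": "reliable"},
}

def parse_sections(config_text):
    """Return {section name: {key: value}} for top-level 'config ... end' blocks."""
    sections, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate a leading '# ' CLI prompt
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                current = sections.setdefault(line[len("config "):], {})
        elif line == "end":
            depth = max(depth - 1, 0)
        elif line.startswith("set ") and depth == 1:
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return sections

def offload_findings(config_text):
    """Return (compliant, {section: [problems]}); one matching destination passes."""
    sections, problems = parse_sections(config_text), {}
    for name, required in REQUIRED.items():
        got = sections.get(name, {})  # a missing section reports every key as unset
        problems[name] = [f"{k} is {got.get(k, 'unset')!r}, expected {v!r}"
                          for k, v in required.items() if got.get(k) != v]
        if not got.get("server"):
            problems[name].append("server is unset")
    return any(not p for p in problems.values()), problems

# Constructed sample: syslog is enabled but not in reliable mode.
SAMPLE = """config log fortianalyzer setting
    set status disable
end
config log syslogd setting
    set status enable
    set server "192.0.2.10"
    set mode udp
end
"""
if __name__ == "__main__":
    ok, problems = offload_findings(SAMPLE)
    print("PASS" if ok else "FAIL", problems)
```

A destination with an empty problem list is the one that satisfies the check; the lists for the other destination show what would need to change if it is to be used instead.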

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_FN_FortiGate_Firewall_Y23M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), CAT|II, CCI|CCI-001851, Rule-ID|SV-234181r879886_rule, STIG-ID|FGFW-ND-000110, Vuln-ID|V-234181

Plugin: FortiGate

Control ID: b3d2ffea52f3e3a994a38623e4bfe07c85f3a7c28aaba579200bab4983af7630