FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited.

Information

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.

Offloading is a common process in information systems with limited audit storage capacity.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Login via the GUI with super-admin privileges.

1. Click Log and Report.
2. Click Log Settings.

To add a FortiAnalyzer:
- In the Remote Logging and Archiving, enable logging to FortiAnalyzer and provide the IP address.

To add a Syslog server:
- In the Remote Logging and Archiving, enable Send logs to Syslog and provide the IP address.

3. Apply changes.

or

1. Open a CLI console via SSH or from the 'CLI Console' button in the GUI.

2. Configure a fortianalyzer or syslog server with the following commands:

FortiAnalyzer:
# config log fortianalyzer setting
# set status enable
# set server {IP Address}
# set upload-option realtime
# end

Syslog:
# config log syslogd setting
# set status enable
# set server {IP Address}
# set mode reliable
# end

Item Details

Audit Name: DISA Fortigate Firewall NDM STIG v1r4

Category: AUDIT AND ACCOUNTABILITY

Plugin: FortiGate

Control ID: b3d2ffea52f3e3a994a38623e4bfe07c85f3a7c28aaba579200bab4983af7630

Detections

Analytics

FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited.

Information

Solution

See Also

Item Details