Information
Auditing and logging are key components of any security architecture. Logging specific events provides a means to investigate an attack, to recognize resource utilization or capacity thresholds, or to identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, or forensic analysis.
Solution
Configure the network device to generate audit log events for a locally developed list of auditable events.
set system syslog file <file name> messages any info
set system syslog file <file name> structured-data << (Optional) Only if structured data format is required
set system syslog host <external syslog address> any info
set system syslog host <external syslog address> structured-data << (Optional) Only if structured data format is required
set system syslog time-format year
If using REGEX or string match conditions:
set system syslog file <name> any <info|any>
set system syslog file <name> match <REGEX>
-or-
set system syslog file <name> match-strings [ 'string 1' 'string 2' ]
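The following checker is an added example and not part of this audit item or of any vendor tool. It assumes the device configuration has been exported in Junos "set" display format (for example via "show configuration | display set") and that the sample text below, which is constructed for illustration, stands in for that export. It parses the syslog file and host statements and reports whether a local file and a remote host each capture facility "any" at severity "info" (or the broader "any"), whether the year is included in timestamps, and which targets have a match or match-strings filter that an auditor should review against the locally developed list of auditable events.

```python
import re

# Constructed sample in Junos "set" format; it is not taken from any real device.
SAMPLE_CONFIG = """\
set system syslog file messages any info
set system syslog file messages structured-data
set system syslog file auth-log authorization any
set system syslog file auth-log match-strings [ 'LOGIN' 'UI_CMDLINE' ]
set system syslog host 192.0.2.10 any info
set system syslog time-format year
"""

# "set system syslog file|host <name> <statement>"
TARGET_RE = re.compile(r"^\s*set\s+system\s+syslog\s+(file|host)\s+(\S+)\s+(.+?)\s*$")
# "<facility> <severity>" statements such as "any info" or "authorization any"
SELECTOR_RE = re.compile(
    r"^(\S+)\s+(any|emergency|alert|critical|error|warning|notice|info|none)$"
)
YEAR_RE = re.compile(r"^\s*set\s+system\s+syslog\s+time-format\s+year\b", re.M)


def parse_syslog_targets(config_text):
    """Group the statements applied to each syslog file or host target."""
    targets = {}
    for line in config_text.splitlines():
        m = TARGET_RE.match(line)
        if m:
            kind, name, statement = m.groups()
            targets.setdefault((kind, name), []).append(statement)
    return targets


def captures_everything(statements):
    """True if a target logs facility 'any' at severity 'info' or 'any'."""
    for s in statements:
        m = SELECTOR_RE.match(s)
        if m and m.group(1) == "any" and m.group(2) in ("info", "any"):
            return True
    return False


def check_syslog_config(config_text, require_structured=False):
    """Return finding name -> result; True means the requirement is met."""
    targets = parse_syslog_targets(config_text)
    findings = {
        "local_file_any_info": any(
            kind == "file" and captures_everything(st) for (kind, _), st in targets.items()
        ),
        "remote_host_any_info": any(
            kind == "host" and captures_everything(st) for (kind, _), st in targets.items()
        ),
        "time_format_year": YEAR_RE.search(config_text) is not None,
        # Filtered targets only log what the match expression selects; list them for review.
        "filtered_targets": sorted(
            name
            for (_, name), st in targets.items()
            if any(s.startswith(("match ", "match-strings ")) for s in st)
        ),
    }
    if require_structured:
        # Structured data is optional in the solution; check it only when the site requires it.
        findings["structured_data"] = bool(targets) and all(
            "structured-data" in st for st in targets.values()
        )
    return findings


if __name__ == "__main__":
    for name, result in check_syslog_config(SAMPLE_CONFIG).items():
        print(f"{name}: {result}")
```

Run it against a saved "display set" export to get a quick pass/fail per requirement before comparing the filtered targets by hand with the site's list of auditable events; the severity keywords in SELECTOR_RE are the standard Junos syslog severities, and "any info" or "any any" is treated as full capture.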