4.1.2.3 Ensure audit system is set to single when the disk is full. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
4.1.2.6 Ensure audit system action is defined for sending errors | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
4.1.2.8 Ensure audit logs are stored on a different system. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
4.1.2.9 Ensure audit logs on separate system are encrypted. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
4.1.2.11 Ensure off-load of audit logs - direction | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
4.1.2.11 Ensure off-load of audit logs - path | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
4.1.2.11 Ensure off-load of audit logs - type | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
4.1.2.12 Ensure action is taken when audisp-remote buffer is full | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
4.1.2.13 Ensure off-loaded audit logs are labeled. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
4.7 Enable use of the au-remote plugin | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
4.8 Ensure off-load of audit logs - direction | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
4.8 Enure off-load of audit logs - path | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
4.8 Enure off-load of audit logs - type | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
4.10 Ensure off-loaded audit logs are labeled. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
4.10 init.ora - 'Establish redundant physically separate locations for redo log files.' | CIS v1.1.0 Oracle 11g OS L1 | Unix | AUDIT AND ACCOUNTABILITY |
4.10 init.ora - 'Establish redundant physically separate locations for redo log files.' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
4.11 init.ora - 'Specify redo logging must be successful.' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
Auditing and logging - server | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
Big Sur - Off-Load Audit Records | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited - logging trap | DISA STIG Cisco ASA NDM v1r6 | Cisco | AUDIT AND ACCOUNTABILITY |
Catalina - Off-Load Audit Records | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
DO0238-ORACLE11 - The directories assigned to the LOG_ARCHIVE_DEST* parameters should be protected from unauthorized access - 'log_archive_duplex_dest parameter is not configured' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
Ensure 'syslog hosts' is configured correctly | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | AUDIT AND ACCOUNTABILITY |
IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS' | IBM iSeries Security Reference v5r4 | AS/400 | AUDIT AND ACCOUNTABILITY |
IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS' | IBM System i Security Reference for V7R2 | AS/400 | AUDIT AND ACCOUNTABILITY |
Logging: capture level is set to at least info | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | AUDIT AND ACCOUNTABILITY |
Logging: Use an external syslog host | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | AUDIT AND ACCOUNTABILITY |
MADB-10-012400 - MariaDB must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | DISA MariaDB Enterprise 10.x v1r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
Monterey - Off-Load Audit Records | NIST macOS Monterey v1.0.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
MYS8-00-009700 - The MySQL Database Server 8.0 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | DISA Oracle MySQL 8.0 v1r5 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
OL08-00-030062 - OL 8 must label all offloaded audit logs before sending them to the central log server. | DISA Oracle Linux 8 STIG v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
OL08-00-030690 - The OL 8 audit records must be offloaded onto a different system or storage media from the system being audited. | DISA Oracle Linux 8 STIG v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
OL08-00-030720 - OL 8 must authenticate the remote logging server for offloading audit logs. | DISA Oracle Linux 8 STIG v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
RHEL-09-652035 - RHEL 9 must be configured to offload audit records onto a different system from the system being audited via syslog. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
RHEL-09-652045 - RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
RHEL-09-652050 - RHEL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
RHEL-09-653065 - RHEL 9 must take appropriate action when the internal event queue is full. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
SLES-15-010580 - The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. | DISA SLES 15 STIG v1r12 | Unix | AUDIT AND ACCOUNTABILITY |
SLES-15-030690 - Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. | DISA SLES 15 STIG v1r12 | Unix | AUDIT AND ACCOUNTABILITY |
SLES-15-030790 - The SUSE operating system must off-load audit records onto a different system or media from the system being audited. | DISA SLES 15 STIG v1r12 | Unix | AUDIT AND ACCOUNTABILITY |
SYMP-AG-000210 - Symantec ProxySG must use a centralized log server. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
SYMP-AG-000220 - Symantec ProxySG must be configured to send the access logs to the centralized log server continuously. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - enable | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - Syslog IP | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
Syslog Remote Destination - Host | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
UBTU-20-010216 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited. | DISA STIG Ubuntu 20.04 LTS v1r12 | Unix | AUDIT AND ACCOUNTABILITY |
VCFL-67-000027 - Rsyslog must be configured to monitor and ship vSphere Client log files - access | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
WN22-AU-000010 - Windows Server 2022 audit records must be backed up to a different system or media than the system being audited. | DISA Windows Server 2022 STIG v1r4 | Windows | AUDIT AND ACCOUNTABILITY |