CCI-001851
CCI: CCI|CCI-001851
Title: The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.
Reference Item Details
Reference: CCI - DISA Control Correlation Identifier
Category: 2013
Audit Items
| Name | Plugin | Audit Name |
| --- | --- | --- |
| 4.1.2.3 Ensure audit system is set to single when the disk is full. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.6 Ensure audit system action is defined for sending errors | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.8 Ensure audit logs are stored on a different system. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.9 Ensure audit logs on separate system are encrypted. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.11 Ensure off-load of audit logs - direction | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.11 Ensure off-load of audit logs - path | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.11 Ensure off-load of audit logs - type | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.12 Ensure action is taken when audisp-remote buffer is full | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.13 Ensure off-loaded audit logs are labeled. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppath | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsize | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1 | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2 | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompact | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsize | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmds | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespace | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - trail | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002131 - AIX must implement a remote syslog server that is documented using site-defined procedures. | Unix | DISA STIG AIX 7.x v2r6 |
| AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - logging host | Arista | DISA STIG Arista MLS DCS-7000 Series NDM v1r3 |
| AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - trap logging | Arista | DISA STIG Arista MLS DCS-7000 Series NDM v1r3 |
| AS24-U1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware |
| AS24-U1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 |
| AS24-U1-000730 - The Apache web server must be configured to integrate with an organizations security infrastructure. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware |
| AS24-U1-000730 - The Apache web server must be configured to integrate with an organizations security infrastructure. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 |
| AS24-W1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server. | Windows | DISA STIG Apache Server 2.4 Windows Server v2r3 |
| AS24-W1-000730 - The Apache web server must be configurable to integrate with an organizations security infrastructure. | Windows | DISA STIG Apache Server 2.4 Windows Server v2r3 |
| Big Sur - Off-Load Audit Records | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited - logging host | Cisco | DISA STIG Cisco ASA NDM v1r1 |
| CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited - logging trap | Cisco | DISA STIG Cisco ASA NDM v1r1 |
| Catalina - Off-Load Audit Records | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| CISC-ND-001310 - The Cisco router must be configured to off-load log records onto a different system than the system being audited. | Cisco | DISA STIG Cisco IOS-XR Router NDM v2r2 |
| CISC-ND-001310 - The Cisco switch must be configured to off-load log records onto a different system than the system being audited. | Cisco | DISA STIG Cisco NX-OS Switch NDM v2r3 |
| CISC-ND-001450 - The Cisco router must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO. | Cisco | DISA STIG Cisco IOS XE Router NDM v2r5 |
| CISC-ND-001450 - The Cisco router must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO. | Cisco | DISA STIG Cisco IOS Router NDM v2r4 |
| CISC-ND-001450 - The Cisco switch must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the Information System Security Officer (ISSO). | Cisco | DISA STIG Cisco IOS Switch NDM v2r4 |
| CISC-ND-001450 - The Cisco switch must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO. | Cisco | DISA STIG Cisco IOS XE Switch NDM v2r4 |
| DB2X-00-012600 - DB2 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | Unix | DISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux |
| DB2X-00-012600 - DB2 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | Windows | DISA STIG IBM DB2 v10.5 LUW v1r4 OS Windows |
| DKER-EE-001080 - The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1 |
| DKER-EE-003320 - All Docker Engine - Enterprise nodes must be configured with a log driver plugin that sends logs to a remote log aggregation system (SIEM). | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 |
| ESXI-06-400004 - The VMM must off-load audit records onto a different system or media than the system being audited by configuring remote logging. | VMware | DISA STIG VMware vSphere 6.x ESXi v1r5 |
| ESXI-06-500004 - The VMM must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly by configuring remote logging. | VMware | DISA STIG VMware vSphere 6.x ESXi v1r5 |
| ESXI-67-000004 - Remote logging for ESXi hosts must be configured. | VMware | DISA STIG VMware vSphere 6.7 ESXi v1r2 |
| F5BI-DM-000257 - The BIG-IP appliance must be configured to off-load audit records onto a different system or media than the system being audited. | F5 | DISA F5 BIG-IP Device Management 11.x STIG v2r1 |
| FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited. | FortiGate | DISA Fortigate Firewall NDM STIG v1r3 |
| FNFG-FW-000100 - The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries. - fortianalyzer status | FortiGate | DISA Fortigate Firewall STIG v1r3 |
| FNFG-FW-000100 - The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries. - syslogd status | FortiGate | DISA Fortigate Firewall STIG v1r3 |
| GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/boot/grub/grub.conf audit=1' | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/etc/audisp/plugins.d/syslog.conf active=yes' | Unix | DISA STIG for Oracle Linux 5 v2r1 |