Forescout must off-load log records onto a different system. This is required for compliance with C2C Step 1.

Severity: medium
Group ID: V-233324
Group Title: SRG-NET-000334-NAC-001350
Version: FORE-NC-000160
Rule ID: SV-233324r856510_rule
Date: 2024-12-19
STIG Version: 2
Description
Having a separate, secure location for log records is essential to the preservation of logs as required by policy.
ℹ️ Check
If DoD is not at C2C Step 1 or higher, this is not a finding.

1. Go to Tools >> Options >> Syslog.
2. Verify a syslog server's IP address is configured.

If each Forescout device does not offload log records to a separate device, this is a finding.
✔️ Fix
Configure the Syslog server with TCP, and configure Syslog to alert if communication between the Syslog server and the Forescout appliance is lost.

1. Go to Tools >> Options >> Syslog.
2. Click Add/Edit.
3. Configure the Syslog:
   - Syslog Server IP address
   - Server Port
   - Server Protocol set to TCP
   - Check the Use TLS setting
   - Configure the Identity, Facility, and Severity.
4. Click "Ok".
5. Click "Apply".