Syslog messages must be retained for a minimum of 30 days online and then stored offline for one year.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| low | V-251374 | NET1026 | NET1026 | SV-251374r806077_rule | 2024-08-02 | 10 |
| Description |
|---|
| Logging is a critical part of router security. Maintaining an audit trail of system activity logs (syslog) can help identify configuration errors, understand past intrusions, troubleshoot service disruptions, and react to probes and scans of the network. |
| ℹ️ Check |
|---|
| Examine the syslog server to verify that it is configured to store messages for at least 30 days. Have the administrator show you the syslog files stored offline for one year. If the syslog messages are not kept online for thirty days and offline for one year, this is a finding. |
| ✔️ Fix |
|---|
| Configure the syslog server to store messages for at least 30 days on-line. The administrator must establish a strategy for storing the logs off-line for minimum of 1 year. |