STIGQter: STIG Summary: A10 Networks ADC ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The A10 Networks ADC must, at a minimum, off-load audit log records onto a centralized log server.

DISA Rule

SV-237059r639624_rule

Vulnerability Number

V-237059

Group Title

SRG-NET-000511-ALG-000051

Rule Version

AADC-AG-000140

Severity

CAT III

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Since the Audit log is separate from the Event log, it must have its own target to write messages to:
logging auditlog host [ipaddr | hostname][facility facility-name]

“ipaddr | hostname” is the IP address or hostname of the server.
“facility-name” is the name of a log facility.

Check Contents

Review the device configuration.

The following command shows the portion of the device configuration that includes the string "host":
show run | inc host

If the output does not display the "logging auditlog host" commands, this is a finding.

The following command shows the logging policy:
show log policy

If Syslog logging is disabled, this is a finding.

Vulnerability Number

V-237059

Documentable

False

Rule Version

AADC-AG-000140

Severity Override Guidance

Review the device configuration.

The following command shows the portion of the device configuration that includes the string "host":
show run | inc host

If the output does not display the "logging auditlog host" commands, this is a finding.

The following command shows the logging policy:
show log policy

If Syslog logging is disabled, this is a finding.

Check Content Reference

M

Target Key

5285

Comments