CASA-FW-000100 – The Cisco ASA must be configured to use TCP when sending log records to the central audit server. – Logging Host

Details

If hosts and devices use the default UDP protocol to send log records to the central log server, records that never reach the log server are not detected as data loss. Using TCP to transport log records to the log servers improves delivery reliability.

Solution

Configure the ASA to use TCP when sending log records to the syslog server.

ASA(config)# logging host NDM_INTERFACE 10.1.22.2 6/1514
ASA(config)# logging permit-hostdown
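
An added example, not part of the STIG or of Cisco's tooling: a Python check that reads a saved running configuration and reports which `logging host` entries use TCP, in the `6/1514` form shown above (IP protocol 6 is TCP). It assumes the transport token appears as `6/port`, `17/port`, `tcp/port` or `udp/port`, that an entry with no token uses the default UDP, and that the control passes only when every configured host uses TCP; the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import re

# Transport token of "logging host": protocol (name or IP protocol number), optional port.
_PROTO = re.compile(r"^(tcp|udp|6|17)(?:/(\d+))?$", re.IGNORECASE)


def audit_logging_hosts(running_config):
    """Return (hosts, permit_hostdown) parsed from ASA running-config text."""
    hosts, permit_hostdown = [], False
    for raw in running_config.splitlines():
        tokens = raw.split()
        if tokens[:2] == ["logging", "permit-hostdown"]:
            # With TCP syslog the ASA denies new connections while the server
            # is unreachable unless this command is present.
            permit_hostdown = True
        if len(tokens) < 4 or tokens[:2] != ["logging", "host"]:
            continue
        transport, port = "udp", None  # assumed default when no token is given
        for tok in tokens[4:]:
            m = _PROTO.match(tok)
            if m:
                transport = "tcp" if m.group(1).lower() in ("tcp", "6") else "udp"
                port = int(m.group(2)) if m.group(2) else None
                break
        hosts.append({"interface": tokens[2], "server": tokens[3],
                      "transport": transport, "port": port,
                      "compliant": transport == "tcp"})
    return hosts, permit_hostdown


def is_compliant(running_config):
    """Pass only if at least one syslog host exists and all of them use TCP."""
    hosts, _ = audit_logging_hosts(running_config)
    return bool(hosts) and all(h["compliant"] for h in hosts)


# Constructed sample configuration; only the first host line comes from the page.
SAMPLE = """\
logging enable
logging host NDM_INTERFACE 10.1.22.2 6/1514
logging host NDM_INTERFACE 192.0.2.10
logging host NDM_INTERFACE 192.0.2.11 17/1514
logging permit-hostdown
"""

if __name__ == "__main__":
    found, hostdown = audit_logging_hosts(SAMPLE)
    for h in found:
        print(h)
    print("permit-hostdown:", hostdown, "| compliant:", is_compliant(SAMPLE))
```
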

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Cisco.

Updated on July 16, 2022