Details

In order to ensure network devices have a sufficient storage capacity in which to write the audit logs, they need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial device setup if it is modifiable.

The value for the organization-defined audit record storage requirement will depend on the amount of storage available on the network device, the anticipated volume of logs, the frequency of transfer from the network device to centralized log servers, and other factors.

Solution

Configure the buffer size for logging as shown in the example below.

ASA(config)# logging flash-maximum-allocation nnnnnnn
ASA(config)# logging flash-minimum-free nnnnnnn

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_ASA_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Cisco.

References

• 800-53|AU-4
• CAT|II
• CCI|CCI-001849
• Rule-ID|SV-239922r666129_rule
• STIG-ID|CASA-ND-000920
• Vuln-ID|V-239922

Source

• Tenable.com/audits