AMLS-NM-000400 – The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time – trap logging

Details

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.

Off-loading is a common process in information systems with limited audit storage capacity.

Solution

Configure the network device to off-load interconnected systems in real time and off-load standalone systems weekly.

Arista EOS logs can be exported to, including by a regular syslog server.

Configuration Example:

switch(config)#logging host[ a.b.c.d]
switch(config)#logging trap informational

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Arista_MLS_DCS-7000_Series_Y20M07_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Arista.

References

800-53|AU-4(1)
CAT|II
CCI|CCI-001851
Group-ID|V-60881
Rule-ID|SV-75339r1_rule
STIG-ID|AMLS-NM-000400
Vuln-ID|V-60881

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles