Details

It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected.

Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less).

Solution

Configure the Cisco ASA to send critical to emergency log messages to the syslog server as shown in the example below.

ASA(config)# logging host NDM_INTERFACE 10.1.48.10
ASA(config)# logging trap critical
ASA(config)# end

Note: The parameter critical can replaced with a lesser severity (i.e., error, warning, notice, informational).

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_ASA_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Cisco.

References

• 800-53|AU-5(2)
• CAT|II
• CCI|CCI-001858
• Rule-ID|SV-239923r666132_rule
• STIG-ID|CASA-ND-000930
• Vuln-ID|V-239923

Source

• Tenable.com/audits