Ensure logging data is monitored

Details

Logs and events should be monitored.

Rationale:

Even after you have applied all of the settings in this guide, there is no such thing as perfect security. All systems are potentially vulnerable, be it to undiscovered software bugs, social engineering or other risks.

System logs, SNMP traps and any other information generated by your network devices should be monitored for changes and suspicious activity at least daily. Remember that your TACACS+ or RADIUS server may also produce logs detailing logins and what commands users issue.

If your systems produce more logging than you can actively monitor, consider using a Security Information and Event Management (SIEM) system. SIEM software consolidates and analyzes log information from across your organization, detecting security incidents and providing detailed, joined-up information to aid your incident response and investigation.

Some popular SIEM systems include:

Juniper Secure Analytics (JSA)

RSA NetWitness

IBM QRadar (which is also the basis of the Juniper JSA product)

AlienVault USM

OSSIM (now also operated by AlienVault)

Splunk

This is not intended as a recommendation of individual SIEM or SIM products, nor as an exhaustive list.
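Whether or not a SIEM is in place, the monitoring described above comes down to rules run over the device log stream: repeated authentication failures, configuration commits, and sensitive commands entered at the CLI. The script below is an added example written for this page; it is not part of the benchmark, of Nessus, or of any Juniper product. The message tags (SSHD_LOGIN_FAILED, UI_LOGIN_EVENT, UI_CMDLINE_READ_LINE, UI_COMMIT) are the Junos system-log tag names, but the sample lines, the hostnames and addresses, the failure threshold, the time window, and the list of "sensitive" configuration statements are all constructed assumptions for illustration. In practice these rules would live in your SIEM or syslog collector; the point here is the shape of the logic.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample lines in Junos syslog style (illustration only, not from a real device).
SAMPLE_LOGS = [
    "Jul 16 10:01:02 edge-rtr1 sshd[4012]: SSHD_LOGIN_FAILED: Login failed for user 'admin' from host '198.51.100.23'",
    "Jul 16 10:01:05 edge-rtr1 sshd[4012]: SSHD_LOGIN_FAILED: Login failed for user 'admin' from host '198.51.100.23'",
    "Jul 16 10:01:09 edge-rtr1 sshd[4012]: SSHD_LOGIN_FAILED: Login failed for user 'admin' from host '198.51.100.23'",
    "Jul 16 10:01:12 edge-rtr1 sshd[4012]: SSHD_LOGIN_FAILED: Login failed for user 'admin' from host '198.51.100.23'",
    "Jul 16 10:02:30 edge-rtr1 mgd[5120]: UI_LOGIN_EVENT: User 'netops' login, class 'super-user' [5120], ssh-connection '203.0.113.7 51022 10.0.0.1 22', client-mode 'cli'",
    "Jul 16 10:03:44 edge-rtr1 mgd[5120]: UI_CMDLINE_READ_LINE: User 'netops', command 'set system login user tempadmin class super-user '",
    "Jul 16 10:03:50 edge-rtr1 mgd[5120]: UI_COMMIT: User 'netops' requested 'commit' operation (comment: none)",
    "Jul 16 10:05:00 edge-rtr1 mgd[5120]: UI_LOGOUT_EVENT: User 'netops' logout",
    "Jul 16 10:20:00 edge-rtr1 sshd[4310]: SSHD_LOGIN_FAILED: Login failed for user 'netops' from host '203.0.113.7'",
]

# Junos syslog layout: "<Mon> <day> <hh:mm:ss> <host> <process>[pid]: <TAG>: <message>".
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^\[:\s]+)(?:\[\d+\])?: "
    r"(?P<tag>[A-Z][A-Z0-9_]+): (?P<msg>.*)$"
)
USER_RE = re.compile(r"[Uu]ser '(?P<user>[^']+)'")
SRC_RE = re.compile(r"from host '(?P<src>[^']+)'")
CMD_RE = re.compile(r"command '(?P<cmd>[^']*)'")

# Assumed local policy: configuration statements that always warrant a human look.
SENSITIVE_CMD_PREFIXES = (
    "set system login",
    "set system services",
    "delete system syslog",
    "deactivate system syslog",
)

@dataclass
class Event:
    ts: datetime
    host: str
    tag: str
    msg: str

def parse_line(line: str) -> Optional[Event]:
    """Parse one Junos-style syslog line; return None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; the year is an assumption for window arithmetic.
    ts = datetime.strptime(m["ts"].replace("  ", " "), "%b %d %H:%M:%S").replace(year=2022)
    return Event(ts, m["host"], m["tag"], m["msg"])

def detect(lines: List[str], fail_threshold: int = 3,
           window: timedelta = timedelta(seconds=60)) -> List[str]:
    """Run three monitoring rules over a log stream and return alert strings in order."""
    alerts: List[str] = []
    # (device, source address, username) -> timestamps of recent failures.
    failures = defaultdict(list)
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue  # not Junos-style; a real collector would route it elsewhere
        if ev.tag in ("SSHD_LOGIN_FAILED", "LOGIN_FAILED"):
            user = USER_RE.search(ev.msg)
            src = SRC_RE.search(ev.msg)
            key = (ev.host, src["src"] if src else "?", user["user"] if user else "?")
            # Sliding window: drop failures older than the window, then count.
            recent = [t for t in failures[key] if ev.ts - t <= window] + [ev.ts]
            failures[key] = recent
            if len(recent) == fail_threshold:  # alert once, when the threshold is reached
                alerts.append(
                    f"REPEATED_LOGIN_FAILURE {ev.host}: {len(recent)} failures for user "
                    f"'{key[2]}' from {key[1]} within {int(window.total_seconds())}s"
                )
        elif ev.tag == "UI_CMDLINE_READ_LINE":
            cmd = CMD_RE.search(ev.msg)
            user = USER_RE.search(ev.msg)
            if cmd and cmd["cmd"].strip().startswith(SENSITIVE_CMD_PREFIXES):
                alerts.append(
                    f"SENSITIVE_COMMAND {ev.host}: {user['user'] if user else '?'} "
                    f"entered '{cmd['cmd'].strip()}'"
                )
        elif ev.tag == "UI_COMMIT":
            # Every committed configuration change is a "change" worth reviewing.
            alerts.append(f"CONFIG_COMMIT {ev.host}: {ev.msg}")
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

On the constructed sample the script raises three alerts: the burst of SSH failures from 198.51.100.23, the command that adds a super-user login, and the commit that made it permanent. The single failure from 203.0.113.7 stays below the threshold and the successful login and logout produce nothing, which is the trade-off any such rule makes: the threshold and window decide what is noise and what gets a person's attention.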

Watch your Internet Routers!, Internet Storm Center Diary, SANS Institute https://isc.sans.org/diary.html?storyid=6100

Payment Card Industry Data Security Standard (PCI DSS), Version 3.2.1, Requirement 10.6

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: Juniper.

Updated on July 16, 2022