Details
Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system, or onto media separate from the system being audited, helps to assure that the audit records will be retained in the event of a catastrophic system failure.
This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.
Solution
Configure event logging to a remote events server to ensure that event logs are recorded on a different system.
To configure Syslog:
1. Log on to the Web Management Console.
2. Click Maintenance >> Event Logging >> Syslog.
3. Enter the IP address or name of a syslog server, then click ‘OK’.
4. Repeat step 3 for any additional syslog servers.
5. Click ‘Apply’.
Supportive Information
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: BlueCoat.
References
- 800-53|AU-9(2)
- CAT|II
- CCI|CCI-001348
- Rule-ID|SV-104509r1_rule
- STIG-ID|SYMP-NM-000140
- Vuln-ID|V-94679