STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-5 (1) — Response to Audit Logging Process Failures

CCI-001855

Definition

Provide a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit log storage volume reaches an organization-defined percentage of repository maximum audit log storage capacity.

Parent Control

AU-5 (1)Response to Audit Logging Process FailuresAudit and Accountability

Linked STIG Checks (121)

V-274071CAT IIAmazon Linux 2023 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.Amazon Linux 2023 Security Technical Implementation Guide V-274072CAT IIAmazon Linux 2023 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.Amazon Linux 2023 Security Technical Implementation Guide V-274073CAT IIAmazon Linux 2023 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.Amazon Linux 2023 Security Technical Implementation Guide V-274074CAT IIAmazon Linux 2023 must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.Amazon Linux 2023 Security Technical Implementation Guide V-274075CAT IIAmazon Linux 2023 must immediately notify the system administrator (SA) and information system security officer (ISSO), at a minimum, of an audit processing failure event.Amazon Linux 2023 Security Technical Implementation Guide V-268101CAT IINixOS must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent utilization.Anduril NixOS Security Technical Implementation Guide V-214234CAT IIThe Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214350CAT IIThe Apache web server must use a logging mechanism that is configured to provide a warning to the Information System Security Officer (ISSO) and System Administrator (SA) when allocated record storage volume reaches 75 percent of maximum log record storage capacity.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-252474CAT IIThe macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257180CAT IIIThe macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268468CAT IIThe macOS system must configure audit capacity warning.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277075CAT IIThe macOS system must configure audit capacity warning.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222483CAT IIThe application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.Application Security and Development Security Technical Implementation Guide V-204790CAT IIThe application server must provide an immediate warning to the SA and ISSO, at a minimum, when allocated log record storage volume reaches 75% of maximum log record storage capacity.Application Server Security Requirements Guide V-272637CAT IICylanceON-PREM must be configured to use an external database if users exceed 30,000.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-276014CAT IAx-OS must off-load audit records onto a different system or media than the system being audited.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-219152CAT IIIThe Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238307CAT IIIThe Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260596CAT IIIUbuntu 22.04 LTS must immediately notify the system administrator (SA) and information system security officer (ISSO) when the audit record storage volume reaches 25 percent remaining of the allocated capacity.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270818CAT IIIUbuntu 24.04 LTS must immediately notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-206492CAT IIIThe Central Log Server must be configured to send an immediate alert to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity.Central Log Server Security Requirements Guide V-269519CAT IIAlmaLinux OS 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269520CAT IIAlmaLinux OS 9 must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269521CAT IIAlmaLinux OS 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269522CAT IIAlmaLinux OS 9 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent usage.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233170CAT IIThe container platform must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.Container Platform Security Requirements Guide V-233599CAT IIThe system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261919CAT IIPostgreSQL must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.Crunchy Data Postgres 16 Security Technical Implementation Guide V-206592CAT IIThe DBMS must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.Database Security Requirements Guide V-235834CAT IILog aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-224198CAT IIThe EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213623CAT IIThe EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-259279CAT IIThe EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-229005CAT IIIThe BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.F5 BIG-IP Device Management Security Technical Implementation Guide V-203702CAT IIIThe operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.General Purpose Operating System Security Requirements Guide V-230175CAT IIThe HP FlexFabric Switch must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.HP FlexFabric Switch NDM Security Technical Implementation Guide V-213721CAT IIDB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-65145CAT IIIThe DataPower Gateway must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.IBM DataPower Network Device Management Security Technical Implementation Guide V-255786CAT IIThe MQ Appliance messaging server must provide an immediate warning to the SA and ISSO, at a minimum, when allocated log record storage volume reaches 75% of maximum log record storage capacity.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-255758CAT IIThe MQ Appliance network device must generate an immediate alert when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-223549CAT IIIBM z/OS BUFUSEWARN in the SMFPRMxx must be properly set.IBM z/OS ACF2 Security Technical Implementation Guide V-223772CAT IIIBM z/OS BUFUSEWARN in the SMFPRMxx must be properly set.IBM z/OS RACF Security Technical Implementation Guide V-213869CAT IISQL Server, the operating system, or the storage system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.MS SQL Server 2014 Instance Security Technical Implementation Guide V-213984CAT IISQL Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.MS SQL Server 2016 Instance Security Technical Implementation Guide V-205555CAT IIThe Mainframe Product must provide an immediate warning to the system programmer and security administrator (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.Mainframe Product Security Requirements Guide V-253728CAT IIMariaDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220381CAT IIMarkLogic Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.MarkLogic Server v9 Security Technical Implementation Guide V-255344CAT IIAzure SQL Database must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.Microsoft Azure SQL Database Security Technical Implementation Guide V-276253CAT IIAzure SQL Managed Instance must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-271344CAT IISQL Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-221190CAT IIMongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252173CAT IIMongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265939CAT IIMongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-279376CAT IIMongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-254104CAT IINutanix AOS must provide an immediate warning to the SA and ISSO, at a minimum, when allocated log record storage volume reaches 75 percent of maximum log record storage capacity.Nutanix AOS 5.20.x Application Security Technical Implementation Guide V-279425CAT IINutanix Cluster Check (NCC) must be configured to provide alerts to the system administrator (SA) and information system security officer (ISSO), immediately when audit storage reaches 75 percent capacity.Nutanix Acropolis Application Server Security Technical Implementation Guide V-279568CAT IIINutanix OS must immediately notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.Nutanix Acropolis GPOS Security Technical Implementation Guide V-238452CAT IIThe DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.Oracle Database 11.2g Security Technical Implementation Guide V-237717CAT IIThe DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.Oracle Database 12c Security Technical Implementation Guide V-270508CAT IIThe Oracle Database, or the logging or alerting mechanism the application uses, must provide a warning when allocated audit record storage volume record storage volume reaches 75 percent of maximum audit record storage capacity.Oracle Database 19c Security Technical Implementation Guide V-221774CAT IIThe Oracle Linux operating system must initiate an action to notify the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.Oracle Linux 7 Security Technical Implementation Guide V-221775CAT IIThe Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when the threshold for the repository maximum audit record storage capacity is reached.Oracle Linux 7 Security Technical Implementation Guide V-221776CAT IIThe Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached.Oracle Linux 7 Security Technical Implementation Guide V-248818CAT IIOL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.Oracle Linux 8 Security Technical Implementation Guide V-248819CAT IIOL 8 must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.Oracle Linux 8 Security Technical Implementation Guide V-271591CAT IIThe OL 9 system administrator (SA) and/or information system security officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.Oracle Linux 9 Security Technical Implementation Guide V-271599CAT IIOL 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.Oracle Linux 9 Security Technical Implementation Guide V-271600CAT IIOL 9 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent utilization.Oracle Linux 9 Security Technical Implementation Guide V-271601CAT IIOL 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.Oracle Linux 9 Security Technical Implementation Guide V-271603CAT IIOL 9 must act when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.Oracle Linux 9 Security Technical Implementation Guide V-235175CAT IIThe MySQL Database Server 8.0 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.Oracle MySQL 8.0 Security Technical Implementation Guide V-228661CAT IIIThe Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.Palo Alto Networks NDM Security Technical Implementation Guide V-214133CAT IIThe system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.PostgreSQL 9.x Security Technical Implementation Guide V-252846CAT IIRancher MCM must allocate audit record storage and generate audit records associated with events, users, and groups.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-281104CAT IIRHEL 10 must take action when allocated audit record storage volume reaches 75 percent of the audit record storage capacity.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281107CAT IIRHEL 10 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281108CAT IIRHEL 10 must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281113CAT IIRHEL 10 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281114CAT IIRHEL 10 must notify the system administrator (SA) and/or information system security officer (ISSO) (at a minimum) of an audit processing failure.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-204513CAT IIThe Red Hat Enterprise Linux operating system must initiate an action to notify the System Administrator (SA) and Information System Security Officer ISSO, at a minimum, when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204514CAT IIThe Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when the threshold for the repository maximum audit record storage capacity is reached.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204515CAT IIThe Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-230483CAT IIRHEL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-244543CAT IIRHEL 8 must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-258156CAT IIRHEL 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258157CAT IIRHEL 9 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent utilization.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258158CAT IIRHEL 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258159CAT IIRHEL 9 must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258163CAT IIRHEL 9 System Administrator (SA) and/or information system security officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-251197CAT IIRedis Enterprise DBMS must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.Redis Enterprise 6.x Security Technical Implementation Guide V-275682CAT IIIUbuntu OS must immediately notify the system administrator (SA) and information system security officer (ISSO) when the audit record storage volume reaches 25 percent remaining of the allocated capacity.Riverbed NetIM OS Security Technical Implementation Guide V-261414CAT IISLEM 5 auditd service must notify the system administrator (SA) and information system security officer (ISSO) immediately when audit storage capacity is 75 percent full.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217193CAT IIThe SUSE operating system auditd service must notify the System Administrator (SA) and Information System Security Officer (ISSO) immediately when audit storage capacity is 75 percent full.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-219965CAT IIThe audit system must alert the SA when the audit storage volume approaches its capacity.Solaris 11 SPARC Security Technical Implementation Guide V-219993CAT IIThe audit system must alert the SA when the audit storage volume approaches its capacity.Solaris 11 X86 Security Technical Implementation Guide V-221625CAT IIISplunk Enterprise must be configured to send an immediate alert to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251669CAT IIISplunk Enterprise must be configured to send an immediate alert to the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity.Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-241004CAT IITanium must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.Tanium 7.0 Security Technical Implementation Guide V-234064CAT IIThe Tanium application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.Tanium 7.3 Security Technical Implementation Guide V-254935CAT IIThe Tanium application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.Tanium 7.x Application on TanOS Security Technical Implementation Guide V-254863CAT IIThe Tanium operating system (TanOS) must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.Tanium 7.x Operating System on TanOS Security Technical Implementation Guide V-253793CAT IIThe Tanium application must provide an immediate warning to the system administrator and information system security officer (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.Tanium 7.x Security Technical Implementation Guide V-241159CAT IITrend Deep Security must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-282427CAT IITOSS 5 system administrators (SAs) and/or information system security officer (ISSOs) (at a minimum) must be alerted of an audit processing failure event.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282569CAT IITOSS 5 must act when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282570CAT IITOSS 5 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282571CAT IITOSS 5 must act when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282572CAT IITOSS 5 must act when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-240305CAT IIThe vRA PostgreSQL database must be configured to use a syslog facility.VMW vRealize Automation 7.x PostgreSQL Security Technical Implementation Guide V-239805CAT IIThe vROps PostgreSQL DB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide V-240262CAT IIThe web server must use a logging mechanism that is configured to provide a warning to the ISSO and SA when allocated record storage volume reaches 75% of maximum log record storage capacity.VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide V-240504CAT IIThe SLES for vRealize must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-240847CAT IItc Server ALL must use a logging mechanism that is configured to provide a warning to the ISSO and SA when allocated record storage volume reaches 75% of maximum log record storage capacity.VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide V-239598CAT IIThe SLES for vRealize must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-241703CAT IItc Server ALL must use a logging mechanism that is configured to provide a warning to the ISSO and SA when allocated record storage volume reaches 75% of maximum log record storage capacity.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide V-256529CAT IIThe Photon operating system must configure auditd to log space limit problems to syslog.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256608CAT IIVMware Postgres must be configured to log to "stderr".VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide V-256609CAT II"Rsyslog" must be configured to monitor VMware Postgres logs.VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide V-258845CAT IIIThe Photon operating system must immediately notify the SA and ISSO when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-207454CAT IIThe VMM must provide an immediate warning to the SA and ISSO, at a minimum, when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.Virtual Machine Manager Security Requirements Guide V-206424CAT IIThe web server must use a logging mechanism that is configured to provide a warning to the ISSO and SA when allocated record storage volume reaches 75% of maximum log record storage capacity.Web Server Security Requirements Guide