V-269586

CAT I (High)

Xylok Security Suite must use a central log server for auditing records.

Rule ID

SV-269586r1155158_rule

STIG

Xylok Security Suite 20.x Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-003821, CCI-000158, CCI-001348, CCI-001876, CCI-001851, CCI-001875, CCI-001877, CCI-001878, CCI-001879, CCI-001880, CCI-001881, CCI-001882, CCI-001896, CCI-003822, CCI-003823, CCI-003824, CCI-003825, CCI-003826, CCI-003827, CCI-003828, CCI-003829, CCI-003830, CCI-003831, CCI-003834, CCI-003938, CCI-001851

Discussion

Integrating a central log server for managing audit records within the Xylok Security Suite enhances security monitoring, incident response, and compliance efforts. By providing centralized logging, real-time analysis, and automated alerting, a central log server allows Xylok to maintain a robust security posture and effectively respond to potential threats, ultimately contributing to the organization's overall security strategy.

Satisfies: SRG-APP-000745, SRG-APP-000115, SRG-APP-000125, SRG-APP-000181, SRG-APP-000358, SRG-APP-000362, SRG-APP-000363, SRG-APP-000364, SRG-APP-000365, SRG-APP-000366, SRG-APP-000367, SRG-APP-000368, SRG-APP-000369, SRG-APP-000370, SRG-APP-000376, SRG-APP-000750, SRG-APP-000755, SRG-APP-000760, SRG-APP-000765, SRG-APP-000770, SRG-APP-000775, SRG-APP-000780, SRG-APP-000785, SRG-APP-000790, SRG-APP-000795, SRG-APP-000800, SRG-APP-000805, SRG-APP-000515

Check Content

Verify that journald sends logs to rsyslog:

    # grep ForwardToSyslog /etc/systemd/journald.conf
    ForwardToSyslog=yes

If ForwardToSyslog is commented out or not set to "yes," this is a finding.

Verify that rsyslog is set to receive journald logs:

    # grep '\(imuxsock\|imjournal\)' /etc/rsyslog.conf /etc/rsyslog.d/*
    module(load="imuxsock") # provides support for local system logging
    module(load="imjournal") # provides access to the systemd journal

If either module is not present or disabled, this is a finding.

    # grep '[[:space:]]@.*' /etc/rsyslog.conf /etc/rsyslog.d/*
    *.*   @@yoursiem:1234

If rsyslog is not configured to forward logs to a central SIEM server, this is a finding.
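
A scripted form of the three checks above, as an added example that is not part of the STIG or of the product's own tooling. Unlike the bare grep commands it ignores commented-out lines, and it treats an unedited `yoursiem` placeholder as a finding. The function names are assumptions, and only the `selector @host` forwarding syntax shown in the check is parsed.

```shell
#!/bin/sh
# Added example: scripted form of the three checks. File paths are arguments,
# so it can run against copies of the configuration as well as /etc.

# Print the given files without blank lines and full-line comments.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$@" 2>/dev/null
}

# Check 1: the last active ForwardToSyslog assignment must be "yes".
check_journald() {
    active_lines "$1" | grep '^ForwardToSyslog[[:space:]]*=' | tail -n 1 |
        grep -q '=[[:space:]]*yes[[:space:]]*$'
}

# Check 2: both input modules are loaded on active (uncommented) lines.
check_rsyslog_modules() {
    for mod in imuxsock imjournal; do
        active_lines "$@" | grep -q "module(load=\"$mod\"" || return 1
    done
}

# Check 3: print forwarding targets written as "selector @host" (UDP) or
# "selector @@host" (TCP). RainerScript action() forwarding is not parsed.
forward_targets() {
    active_lines "$@" | awk '$2 ~ /^@@?[^@]/ { print $2 }'
}

# Run all checks; print one line per finding; return non-zero on any finding.
audit() {  # usage: audit JOURNALD_CONF RSYSLOG_FILE...
    jconf=$1; shift
    rc=0
    check_journald "$jconf" ||
        { echo "FINDING: ForwardToSyslog is not set to yes"; rc=1; }
    check_rsyslog_modules "$@" ||
        { echo "FINDING: imuxsock or imjournal is not loaded"; rc=1; }
    targets=$(forward_targets "$@")
    case $targets in
        "")         echo "FINDING: no forwarding target configured"; rc=1 ;;
        # Assumption of this example: the placeholder from the fix text
        # left unedited means logs are not reaching a real SIEM.
        *yoursiem*) echo "FINDING: placeholder target yoursiem left in place"; rc=1 ;;
    esac
    return $rc
}

# Example: audit /etc/systemd/journald.conf /etc/rsyslog.conf /etc/rsyslog.d/*
if [ "$#" -gt 0 ]; then audit "$@"; fi
```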

Fix Text

Edit /etc/systemd/journald.conf to include at least these lines:

    [Journal]
    ForwardToSyslog=yes

Edit /etc/rsyslog.conf to include these lines:

    module(load="imuxsock") # provides support for local system logging
    module(load="imjournal") # provides access to the systemd journal
    *.* @@yoursiem:1234

Ensure yoursiem:1234 points to the correct host and port for your network.

Restart journald and rsyslogd:

    # systemctl restart rsyslog systemd-journald