Rule ID
SV-283401r1194897_rule
Version
V1R1
CCIs
Network devices must be able to allocate audit record storage capacity to ensure sufficient storage capacity in which to write the audit logs. The task of allocating audit record storage capacity is usually performed during initial device setup if it is modifiable. The value for the organization-defined audit record storage requirement will depend on the amount of storage available on the network device, the anticipated volume of logs, the frequency of transfer from the network device to centralized log servers, and other factors.
Verify the system is configured to limit the number of event logs stored on the system with the following command:

    cli% showsys -param
    ----------Parameter----------- ----Value----
    RawSpaceAlertSSD : 100
    RawSpaceAlertQLC : 0
    RemoteSyslog : 1
    RemoteSyslogHost : 16.172.70.122
    RemoteSyslogProfile : None
    RemoteSyslogSecurityHost: 16.172.70.200
    SparingAlgorithm: Default
    EventLogSize: 10M
    EventLogNum : 30

If "EventLogNum" is set to a value less than "30", this is a finding.
Configure the system to limit the number of event logs stored:

    cli% setsys EventLogNum 30
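
The check above can be automated against captured `showsys -param` output. This Python sketch is an added example, not part of the STIG text or any vendor tooling: the function names are hypothetical, the sample is constructed from the output shown in the check text, and treating a missing or non-numeric "EventLogNum" as a finding is this example's assumption.

```python
import re

REQUIRED_MIN = 30  # from the check text: EventLogNum below 30 is a finding

# Constructed sample: the `showsys -param` output from the check text.
SAMPLE = """\
cli% showsys -param
----------Parameter----------- ----Value----
RawSpaceAlertSSD : 100
RawSpaceAlertQLC : 0
RemoteSyslog : 1
RemoteSyslogHost : 16.172.70.122
RemoteSyslogProfile : None
RemoteSyslogSecurityHost: 16.172.70.200
SparingAlgorithm: Default
EventLogSize: 10M
EventLogNum : 30
"""

def parse_params(text):
    """Return {name: value}; prompt, header and blank lines do not match."""
    params = {}
    for line in text.splitlines():
        # Spacing around ':' varies in the output, so allow any amount.
        m = re.match(r"^\s*([A-Za-z]\w*)\s*:\s*(\S.*?)\s*$", line)
        if m:
            params[m.group(1)] = m.group(2)
    return params

def check_event_log_num(text, minimum=REQUIRED_MIN):
    """Return (is_finding, reason) for the EventLogNum requirement."""
    value = parse_params(text).get("EventLogNum")
    if value is None:
        # Assumption: absence cannot demonstrate compliance, so flag it.
        return True, "EventLogNum not present in output"
    if not value.isdigit():
        return True, f"EventLogNum has non-numeric value {value!r}"
    if int(value) < minimum:
        return True, f"EventLogNum is {value}, below required {minimum}"
    return False, f"EventLogNum is {value}"

if __name__ == "__main__":
    finding, reason = check_event_log_num(SAMPLE)
    print("FINDING" if finding else "NOT A FINDING", "-", reason)
```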