V-234182

CAT II (Medium)

The FortiGate device must generate an immediate real-time alert of all audit failure events requiring real-time alerts.

Rule ID

SV-234182r961401_rule

STIG

Fortinet FortiGate Firewall NDM Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-001858

Discussion

It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected. Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less).

Check Content

Log in to the FortiGate GUI with Super-Admin privilege.

1. Click Security Fabric.
2. Click Automation.
3. Verify Automation Stitches are configured to send alerts related to audit processing failure.
4. For each Automation Stitch, verify a valid Action Email has been configured.

If Automation Stitches are not defined to trigger an immediate real-time alert of all audit processing failures, this is a finding.

Note: Relevant events for an Automation Stitch are below:

Disk Full
Disk Log access failed
Disk log directory deleted
Disk log file deleted 
Disk log full over first warning
Disk logs failed to back up
Disk logs failed to back up to USB
Disk partitioning or formatting Error
Disk unavailable
FortiAnalyzer connection down
FortiAnalyzer connection failed
FortiAnalyzer is not configured for Security Fabric service
FortiAnalyzer log access failed
Log disk failure imminent
Log disk full
Log disk unavailable
Memory log access failed
Memory log full over final warning level
Memory log full over first warning level
Memory log full over second warning level
Memory logs failed to back up

Fix Text

Log in to the FortiGate GUI with Super-Admin privilege.

1. Click Security Fabric.
2. Click Automation.
3. Click +Create New (Automation Stitch).
4. Assign a meaningful name.
5. For Trigger, select FortiOS Event Log.
6. For the Event field, click + (and choose a specific event type).
7. For Action, select Email, then specify the recipients and the Email subject.
8. Click OK.

Note: The following are all relevant Event Log entries. For the most complete coverage, configure an Automation Stitch for each of the Event Log entries below:

Disk Full
Disk Log access failed
Disk log directory deleted
Disk log file deleted 
Disk log full over first warning
Disk logs failed to back up
Disk logs failed to back up to USB
Disk partitioning or formatting Error
Disk unavailable
FortiAnalyzer connection down
FortiAnalyzer connection failed
FortiAnalyzer is not configured for Security Fabric service
FortiAnalyzer log access failed
Log disk failure imminent
Log disk full
Log disk unavailable
Memory log access failed
Memory log full over final warning level
Memory log full over first warning level
Memory log full over second warning level
Memory logs failed to back up
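
The Check Content above can also be repeated offline against a configuration backup. The Python below is an added example, not part of the STIG or of Fortinet's tooling: it reports which required event log IDs have no enabled Automation Stitch whose action e-mails at least one recipient. Assumptions: the backup uses the `config system automation-trigger`, `automation-action` and `automation-stitch` tables with `event-type`, `logid`, `email-to`, `trigger`, `action` and `status` fields; the function names and the sample are constructed, the log IDs 90001-90003 are placeholders, and the mapping from the event names listed on this page to log IDs must be supplied by the operator for their FortiOS release.

```python
import re

def parse_automation(cfg):
    out = {"automation-" + k: {} for k in ("trigger", "action", "stitch")}
    table, entry, depth, base = None, None, 0, 0
    for line in cfg.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        depth += (tok[0] == "config") - (tok[0] == "end")
        table = table if depth >= base else None  # left the table being read
        if tok[0] == "config" and table is None and tok[-1] in out:
            table, base, entry = tok[-1], depth, None
        elif table and depth == base and tok[0] == "edit":
            entry = out[table].setdefault(tok[1], {})
        elif table and entry is not None and tok[0] == "set" and len(tok) > 2:
            entry.setdefault(tok[1], []).extend(tok[2:])  # incl. nested "config actions"
    return out  # {table: {entry: {key: [values]}}}

def uncovered_logids(cfg, required):
    # Required log IDs that no enabled event-log stitch e-mails to a recipient.
    trigs, acts, stitches = parse_automation(cfg).values()
    mailers, covered = {n for n, e in acts.items() if e.get("email-to")}, set()
    for s in stitches.values():
        if s.get("status") != ["disable"] and mailers & set(s.get("action", [])):
            for t in s.get("trigger", []):
                if (trig := trigs.get(t, {})).get("event-type") == ["event-log"]:
                    covered.update(trig.get("logid", []))
    return sorted(set(map(str, required)) - covered)

SAMPLE = """config system automation-trigger
    edit "t-disk"
        set event-type event-log
        set logid 90001 90002
    next
end
config system automation-action
    edit "mail-soc"
        set action-type email
        set email-to "soc@example.com"
    next
end
config system automation-stitch
    edit "s-disk"
        set trigger "t-disk"
        config actions
            edit 1
                set action "mail-soc"
            next
        end
    next
end"""  # constructed excerpt; log IDs are placeholders, not real FortiOS IDs
```

Calling `uncovered_logids(SAMPLE, [90001, 90002, 90003])` returns `['90003']`; any ID returned corresponds to an event with no real-time e-mail alert.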