Rule ID
SV-254104r961398_rule
Version
V1R2
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process logs as required. Log processing failures include software/hardware errors, failures in the log capturing mechanisms, and log storage capacity being reached or exceeded. Notification of the storage condition will allow administrators to take actions so that logs are not lost. This requirement can be met by configuring the application server to utilize a dedicated logging tool that meets this requirement. Satisfies: SRG-APP-000359-AS-000065, SRG-APP-000360-AS-000066
Confirm Nutanix Cluster Check (NCC) "CVM DISK | System Audit Volume Usage" is enabled and the threshold values are set correctly. 1. Log in to Prism Element. 2. Select "Health dashboard" from navigation dropdown. 3. Select Actions >> Manage Checks. 4. Scroll down to CVM | Disk section, and then select "System Audit Volume Usage". If the selected check is Disabled, this is a finding. Validate the Alert Policy settings for Warning and Critical are set to 75 percent. If the Warning or Critical values are not set to 75 percent, this is a finding.
Configure Nutanix Cluster Check (NCC) "CVM DISK | System Audit Volume Usage" is enabled and the threshold values are set to organization-defined values. 1. Log in to Prism Element. 2. Select "Health dashboard" from navigation dropdown. 3. Select Actions >> Manage Checks. 4. Scroll down to CVM | Disk section, select "System Audit Volume Usage". 5. If check is disabled, click to enable the check. 6. Select "Alert Policy", set the values for "Warning" and "Critical" thresholds to 75 percent and click "Save".