STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Central Log Server Security Requirements Guide

V-206514

CAT II (Medium)

The Central Log Server must be configured to notify the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage.

Rule ID

SV-206514r961863_rule

STIG

Central Log Server Security Requirements Guide

Version

V3R4

CCIs

CCI-000366

Discussion

Notification may be configured to be sent by the device, SNMP server, or Central Log Server. The best practice is for these notifications to be sent by a robust events management server. This is a function provided by most enterprise-level SIEMs. If the Central Log Server does not provide this function, it must forward the log records to a log server that does.

Check Content

Note: This is not applicable (NA) if the Central Log Server (e.g., syslog, SIEM) does not perform analysis. This is NA if notifications are performed by another device. 

Examine the configuration.

Verify the Central Log Server is configured to notify the SA and ISSO, at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage.

If the Central Log Server is not configured to notify the SA and ISSO, at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage, this is a finding.

Fix Text

Configure the Central Log Server to notify the SA and ISSO, at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage.