V-206512

CAT II (Medium)

The Central Log Server must be configured to retain the identity of the original source host or device where the event occurred as part of the log record.

Rule ID

SV-206512r961863_rule

STIG

Central Log Server Security Requirements Guide

Version

V3R4

CCIs

CCI-000366

Discussion

In this case, the information producer is the device, identified by IP address or some other identifier of the device producing the information. The source of the record must be bound to the record using cryptographic means. Some event servers allow the administrator to retain only portions of the record sent by devices and hosts. This requirement applies to log aggregation servers with the role of fulfilling the DoD requirement for a central log repository. The syslog, SIEM, or other event servers must retain this information with each log record to support incident investigations.

Check Content

Examine the configuration.

Verify the Central Log Server is configured to include the identity of the original source host or device where the event occurred as part of each aggregated log record.

If the Central Log Server is not configured to include the identity of the original source host or device where the event occurred as part of the aggregated log record, this is a finding.

Fix Text

Configure the Central Log Server to include the identity of the original source host or device as part of each aggregated log record.