STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 6 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Riverbed NetIM NDM Security Technical Implementation Guide

V-275482

CAT II (Medium)

The Riverbed NetIM must off-load audit records onto a different system or media than the system being audited.

Rule ID

SV-275482r1147496_rule

STIG

Riverbed NetIM NDM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001851

Discussion

Information stored in one location on a disk may be vulnerable to accidental or incidental deletion or alteration. The ability to off-load those files is a common process used while managing information systems.

Check Content

Verify auditing is configured to send events to a central log server by using the following command: 
  
     $ sudo grep -i action(type="omfwd" target="<Syslog Server IP > " port="3514" protocol="tcp"
             action.resumeRetryCount="100"
             queue.type="linkedList" queue.size="10000")

If auditing is configured to send events to a central log server, this is a finding.

Fix Text

Configure "rsyslog.d" service to send NetIM audit logs to central syslog.  

1. Add or modify the following line in the "/etc/rsyslog.d" file: 

     $ sudo nano /etc/rsyslog.d/60-netim.conf

2. Add the following text:

    *.*  action(type="omfwd" target="<Syslog Server IP > " port="3514" protocol="tcp"
             action.resumeRetryCount="100"
             queue.type="linkedList" queue.size="10000")

3. Restart rsyslog service.

     $ sudo service rsyslog restart