Rule ID
SV-273820r1110843_rule
Version
V1R1
CCIs
To ensure network devices have a sufficient storage capacity in which to write the audit logs, they must be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial device setup if it is modifiable. The value for the organization-defined audit record storage requirement will depend on the amount of storage available on the network device, the anticipated volume of logs, the frequency of transfer from the network device to centralized log servers, and other factors.
Verify the log size complies with organization-defined audit record storage:
ICX# show logging
Syslog logging: enabled ( 0 messages dropped, 0 flushes, 7 overruns)
Buffer logging: level ACDMEINW, 4000 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error
I=informational N=notification W=warning
Static Log Buffer:
May 01 19:30:50:I:System: Stack unit 1 POE PS 1, Internal Power supply with 370000 mwatts capacity is up
May 01 19:30:55:I:System: Stack unit 1 Fan 1 (Rear Side Right), ok
May 01 19:30:55:I:System: Stack unit 1 Fan 2 (Rear Side Left), ok
Dynamic Log Buffer (4000 lines):
Jul 31 14:24:54:I:CLI CMD: "show logging" by local user from ssh
If the size of the Dynamic Log Buffer does not meet organization-defined audit record storage requirements, this is a finding.Configure logging: ICX(config)#logging buffered 4000 Note: Reload may be required to put new log size into effect.