← Back to F5 BIG-IP Device Management Security Technical Implementation Guide

V-229005

CAT III (Low)

The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.

Rule ID

SV-229005r961863_rule

STIG

F5 BIG-IP Device Management Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-000366 CCI-001855

Discussion

If security personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for storage capacity expansion. This could lead to the loss of audit information. Note that while the network device must generate the alert, notification may be done by a management server.

Check Content

Verify the BIG-IP appliance is configured to use a properly configured syslog server that generates an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. 

Navigate to the BIG-IP System manager >> System >> Logs >> Configuration >> Remote Logging.

Verify a syslog destination is configured that generates an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.

If an immediate alert is not generated when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity, this is a finding.

Fix Text

Configure the BIG-IP appliance to use a properly configured syslog server to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.