The Edge SWG must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-279265 | SRG-APP-000357-NDM-000293 | SYME-ND-000680 | SV-279265r1170559_rule | 2025-12-18 | 1 |
| Description |
|---|
| Network devices must be able to allocate audit record storage capacity to ensure sufficient storage capacity in which to write the audit logs. The task of allocating audit record storage capacity is usually performed during initial device setup if it is modifiable. The value for the organization-defined audit record storage requirement will depend on the amount of storage available on the network device, the anticipated volume of logs, the frequency of transfer from the network device to centralized log servers, and other factors. |
| ℹ️ Check |
|---|
| 1. In the Edge SWG Web UI, navigate to the Administration tab. 2. Select the "Logging" and "Event Logging" areas. Scroll down to the "General Settings" section. If "Limit Event Log File Size" is not enabled and set to a site's defined number or 101 MB, this is a finding. |
| ✔️ Fix |
|---|
| 1. In the Edge SWG Web UI, navigate to the Administration tab. 2. Select the "Logging" and "Event Logging" areas. 3. Scroll down to the "General Settings" section. 4. Enable the settings and set the "Limit Event Log File Size" to at least 101 MB or a site-defined number. |