The RUCKUS ICX device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-273820 | RCKS-NDM-000650 | SV-273820r1110843_rule | Medium |
| Description |
| To ensure network devices have a sufficient storage capacity in which to write the audit logs, they must be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial device setup if it is modifiable. The value for the organization-defined audit record storage requirement will depend on the amount of storage available on the network device, the anticipated volume of logs, the frequency of transfer from the network device to centralized log servers, and other factors. |
| STIG | Date |
| RUCKUS ICX NDM Security Technical Implementation Guide | 2025-05-28 |
Details
| Check Text (C-77911r1110639_chk) |
| Verify the log size complies with organization-defined audit record storage: ICX# show logging Syslog logging: enabled ( 0 messages dropped, 0 flushes, 7 overruns) Buffer logging: level ACDMEINW, 4000 messages logged level code: A=alert C=critical D=debugging M=emergency E=error I=informational N=notification W=warning Static Log Buffer: May 01 19:30:50:I:System: Stack unit 1 POE PS 1, Internal Power supply with 370000 mwatts capacity is up May 01 19:30:55:I:System: Stack unit 1 Fan 1 (Rear Side Right), ok May 01 19:30:55:I:System: Stack unit 1 Fan 2 (Rear Side Left), ok Dynamic Log Buffer (4000 lines): Jul 31 14:24:54:I:CLI CMD: "show logging" by local user from ssh If the size of the Dynamic Log Buffer does not meet organization-defined audit record storage requirements, this is a finding. |
| Fix Text (F-77816r1110640_fix) |
| Configure logging: ICX(config)#logging buffered 4000 Note: Reload may be required to put new log size into effect. |