Audit logging is disabled for F5

Vendor

F5

Description

Audit logging is important for traceability reasons in case of an outage, or a successful intrusion attempt. Indeni will alert if audit is not enabled.

Remediation Steps

An administrator could verify that auditing is enabled by logging into the web interface and clicking on "System" -> "Logs" -> "Configuration" -> "Options". On that page, make sure that audit logging for "MCP" and "tmsh" is set to either "Enable", "Verbose" or "Debug".More information about TMM logging can be found here at https://support.f5.com/csp/article/K5532

How does this work?

This alert logs into the F5 unit via iControl REST and retrieves the status of the audit logging.

Why is this important?

Audit logging is important for traceability reasons in case of an outage, or a successful intrusion attempt.

Without Indeni how would you find this?

An administrator could verify that auditing is enabled by logging into the web interface and clicking on "System" -> "Logs" -> "Configuration" -> "Options". On that page, make sure that audit logging for "MCP" and "tmsh" is set to either "Enable", "Verbose" or "Debug".

View Source Code
single