Ensure syslog messages are not suppressed (Automated) - Complete Cloud Security in Minutes - Orca Security

Workload misconfigurations

Ensure syslog messages are not suppressed (Automated)

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

CCM-CSA
cis_8

Description

In more modern Syslog implementations, repeated message suppression can be configured (for example, $RepeatedMsgReduction in rsyslog).

Recommended Mitigation

If disabled, messages sent to Syslog could be suppressed and not logged. While a message is emitted stating that a given message was repeated and suppressed, the timestamp associated with these suppressed messages are lost, potentially damaging the recreation of an incident timeline.

See Orca in action

See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.