| ALMA-09-052930 | V1R2 | AlmaLinux OS 9 must have the rsyslog package installed. | |
| ALMA-09-053040 | V1R2 | AlmaLinux OS 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog. | |
| ALMA-09-053150 | V1R2 | The rsyslog service on AlmaLinux OS 9 must be active. | |
| OL07-00-030201 | V3R2 | The Oracle Linux operating system must be configured to off-load audit logs onto a different system or storage media from the system being audited. | |
| OL07-00-030210 | V3R2 | The Oracle Linux operating system must take appropriate action when the remote logging buffer is full. | |
| OL07-00-030211 | V3R2 | The Oracle Linux operating system must label all off-loaded audit logs before sending them to the central log server. | |
| OL07-00-030300 | V3R2 | The Oracle Linux operating system must off-load audit records onto a different system or media from the system being audited. | |
| OL07-00-030310 | V3R2 | The Oracle Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | |
| OL07-00-030320 | V3R2 | The Oracle Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full. | |
| OL07-00-030321 | V3R2 | The Oracle Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system. | |
| OL08-00-030062 | V2R4 | OL 8 must label all offloaded audit logs before sending them to the central log server. | |
| OL08-00-030690 | V2R4 | The OL 8 audit records must be offloaded onto a different system or storage media from the system being audited. | |
| OL08-00-030700 | V2R4 | OL 8 must take appropriate action when the internal event queue is full. | |
| OL08-00-030710 | V2R4 | OL 8 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited. | |
| OL08-00-030720 | V2R4 | OL 8 must authenticate the remote logging server for offloading audit logs. | |
| OL09-00-000450 | V1R1 | OL 9 must have the audispd-plugins package installed. | |
| OL09-00-000855 | V1R1 | OL 9 must be configured to offload audit records onto a different system from the system being audited via syslog. | |
| OL09-00-000860 | V1R1 | OL 9 must take appropriate action when the internal event queue is full. | |
| OL09-00-005015 | V1R1 | OL 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | |
| OL09-00-005020 | V1R1 | OL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | |
| OL09-00-005025 | V1R1 | OL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | |
| RHEL-07-030201 | V3R9 | The Red Hat Enterprise Linux operating system must be configured to off-load audit logs onto a different system or storage media from the system being audited. | |
| RHEL-07-030210 | V3R9 | The Red Hat Enterprise Linux operating system must take appropriate action when the remote logging buffer is full. | |
| RHEL-07-030211 | V3R9 | The Red Hat Enterprise Linux operating system must label all off-loaded audit logs before sending them to the central log server. | |
| RHEL-07-030300 | V3R9 | The Red Hat Enterprise Linux operating system must off-load audit records onto a different system or media from the system being audited. | |
| RHEL-07-030310 | V3R9 | The Red Hat Enterprise Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | |
| RHEL-07-030320 | V3R9 | The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full. | |
| RHEL-07-030321 | V3R9 | The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system. | |
| RHEL-08-030062 | V2R3 | RHEL 8 must label all off-loaded audit logs before sending them to the central log server. | |
| RHEL-08-030690 | V2R3 | The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. | |
| RHEL-08-030700 | V2R3 | RHEL 8 must take appropriate action when the internal event queue is full. | |
| RHEL-08-030710 | V2R3 | RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | |
| RHEL-08-030720 | V2R3 | RHEL 8 must authenticate the remote logging server for off-loading audit logs. | |
| RHEL-09-652040 | V2R4 | RHEL 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | |
| RHEL-09-652045 | V2R4 | RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | |
| RHEL-09-652050 | V2R4 | RHEL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | |
| RHEL-09-653065 | V2R4 | RHEL 9 must take appropriate action when the internal event queue is full. | |
| RHEL-09-653130 | V2R4 | RHEL 9 audispd-plugins package must be installed. | |
| SLES-12-020070 | V3R2 | The audit-audispd-plugins must be installed on the SUSE operating system. | |
| SLES-12-020080 | V3R2 | The SUSE operating system audit event multiplexor must be configured to use Kerberos. | |
| SLES-12-020090 | V3R2 | Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. | |
| SLES-15-030670 | V2R4 | The audit-audispd-plugins must be installed on the SUSE operating system. | |
| SLES-15-030680 | V2R4 | The SUSE operating system audit event multiplexor must be configured to use Kerberos. | |
| SLES-15-030690 | V2R4 | Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. | |
| UBTU-18-010025 | V2R15 | The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited. | |
| UBTU-20-010216 | V2R1 | The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited. | |
| UBTU-22-653020 | V2R4 | Ubuntu 22.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system from the system being audited. | |
| UBTU-24-100450 | V1R1 | Ubuntu 24.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system or storage media from the system being audited. | |
| WN16-AU-000010 | V2R9 | Audit records must be backed up to a different system or media than the system being audited. | |
| WN19-AU-000010 | V3R4 | Windows Server 2019 audit records must be backed up to a different system or media than the system being audited. | |
| WN22-AU-000010 | V2R4 | Windows Server 2022 audit records must be backed up to a different system or media than the system being audited. | |