| ALMA-09-052160 | V1R1 | AlmaLinux OS 9 audispd-plugins package must be installed. | |
| ALMA-09-052270 | V1R1 | AlmaLinux OS 9 must label all offloaded audit logs before sending them to the central log server. | |
| ALMA-09-052380 | V1R1 | AlmaLinux OS 9 must take appropriate action when the internal event queue is full. | |
| ALMA-09-052490 | V1R1 | AlmaLinux OS 9 must be configured to offload audit records onto a different system from the system being audited via syslog. | |
| ALMA-09-052600 | V1R1 | AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | |
| ALMA-09-052710 | V1R1 | AlmaLinux OS 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | |
| ALMA-09-052820 | V1R1 | AlmaLinux OS 9 must encrypt, via the gtls driver, the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | |
| UBTU-18-010007 | V2R15 | The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system in real time, if the system is interconnected. | |
| UBTU-18-010008 | V2R15 | The Ubuntu operating system must have a crontab script running weekly to off-load audit events of standalone systems. | |
| UBTU-20-010300 | V1R9 | The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems. | |
| UBTU-24-900950 | V1R1 | Ubuntu 24.04 LTS must have a crontab script running weekly to offload audit events of standalone systems. | |
| WN22-AU-000020 | V2R1 | Windows Server 2022 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | |
| UBTU-22-651035 | V2R1 | Ubuntu 22.04 LTS must have a crontab script running weekly to offload audit events of standalone systems. | |
| RHEL-09-652010 | V2R1 | RHEL 9 must have the rsyslog package installed. | |
| RHEL-09-652055 | V2R1 | RHEL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog. | |
| OL09-00-000350 | V1R1 | OL 9 must have the rsyslog package installed. | |
| OL09-00-005005 | V1R1 | OL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog. | |
| WN16-AU-000020 | V2R10 | Windows Server 2016 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | |
| SLES-15-010580 | V1R9 | The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. | |
| SLES-15-030790 | V1R9 | The SUSE operating system must off-load audit records onto a different system or media from the system being audited. | |
| SLES-15-030800 | V1R9 | Audispd must take appropriate action when the SUSE operating system audit storage is full. | |
| SLES-12-020100 | V2R13 | The audit system must take appropriate action when the network cannot be used to off-load audit records. | |
| SLES-12-020110 | V2R13 | Audispd must take appropriate action when the SUSE operating system audit storage is full. | |
| SLES-12-030340 | V2R13 | The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. | |
| WN19-AU-000020 | V2R8 | Windows Server 2019 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | |