CMMC Practice AU.3.048
Collect audit information (e.g., logs) into one or more central repositories.
Bold Coast Security Guidance
We have already introduced the idea of implementing a SIEM, and this practice codifies the collection of logs to a central repository so the SIEM can analyze multiple sources. At a very basic level, "syslog" servers are available for little to no cost and will collect your logs into one location. This includes logs from your servers and network devices. You should also collect logs from your workstations if possible.
Aggregate and store audit logs in a central location. Central repositories enable analysis by storing audit record content needed for analysis in a common location and format. Storing audit logs in central repositories also protects audit information. The repository has the available infrastructure, capacity, and protection mechanisms to meet the organization’s audit requirements. Policy and local laws may place requirements on the location and structure of the repositories.
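The following is an added example, not part of the original guidance. It shows what "a common location and format" can look like on a central syslog collector: lines arriving in the two standard syslog formats (RFC 3164 and RFC 5424) are normalized into one record shape, and the asset inventory is checked for servers, network devices, or workstations that are not reporting. The host names, sample lines, and inventory are constructed, and the record field names are assumptions.

```python
import re
from datetime import datetime, timezone

# RFC 5424: <PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) \S+ \S+ (?:-|\[.*?\]) ?(.*)$")
# RFC 3164 (BSD): <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MSG
RFC3164 = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) "
    r"([^:\[\s]+)(?:\[\d+\])?: ?(.*)$")

def normalize(line, year=2024):
    """Parse one syslog line into the common record, or None if unparseable."""
    m = RFC5424.match(line)
    if m:
        pri, ts, host, app, msg = m.groups()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    else:
        m = RFC3164.match(line)
        if not m:
            return None
        pri, ts, host, app, msg = m.groups()
        # Assumption: BSD timestamps carry no year or zone; treat as UTC.
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        when = when.replace(tzinfo=timezone.utc)
    pri = int(pri)
    return {"time": when.astimezone(timezone.utc).isoformat(),
            "host": host.lower(), "app": app,
            "facility": pri >> 3, "severity": pri & 7, "message": msg}

def collect(lines):
    """Split received lines into normalized records and rejected raw lines."""
    records, rejected = [], []
    for line in lines:
        rec = normalize(line)
        if rec:
            records.append(rec)
        else:
            rejected.append(line)
    return records, rejected

def silent_sources(records, inventory):
    """Inventory hosts with no record in the central store."""
    seen = {r["host"] for r in records}
    return sorted(h for h in inventory if h.lower() not in seen)

# Constructed sample input: one server, one network device, one damaged line.
SAMPLE = [
    "<38>May 11 12:00:01 SRV-DC01 sshd[2211]: Failed password for admin",
    "<165>1 2024-05-11T08:00:03-04:00 fw01 asa - - - Deny tcp src outside",
    "garbage without a priority header",
]
INVENTORY = ["srv-dc01", "fw01", "ws-017"]  # hypothetical asset list
```

Rejected lines are kept rather than dropped so that a misconfigured source shows up as a parsing problem instead of disappearing from the audit record.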