Application Servers must centralize the review and analysis of audit records from multiple components within the system.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35193	SRG-APP-000111-AS-000072	SV-46480r1_rule		Low

Description
Segregation of logging data to multiple disparate computer systems is counter-productive and makes log analysis, log event alarming and correlation difficult to implement and manage, particularly when the application server has multiple logging components that write logs to different log files and locations. This problem is compounded when there is a clustered application server environment. Application servers must provide the capability to centralize the storage of app server logs.

Description

Segregation of logging data to multiple disparate computer systems is counter-productive and makes log analysis, log event alarming and correlation difficult to implement and manage, particularly when the application server has multiple logging components that write logs to different log files and locations. This problem is compounded when there is a clustered application server environment. Application servers must provide the capability to centralize the storage of app server logs.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43571r1_chk )
Review AS product documentation and server configuration to determine if the AS can centralize log storage from the multiple AS components. If the AS is not configured to meet this requirement, this is a finding.

Fix Text (F-39740r1_fix)
Configure the AS to centrally store application server logs.