The application server must provide the capability for organization-identified individuals or roles to change the logging to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-57487	SRG-APP-000353-AS-000235	SV-71763r2_rule		Medium

Description
Log records can be generated from various components within the application server. The list of logged events is the set of events for which logs are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating log records (i.e., logable events). Application server log events may include, but are not limited to, HTTP, Database, and XML parsing activity. The application server must be capable of allowing defined individuals or roles to change the logging to be performed on all application server components, based on all selectable event criteria during a defined time threshold. The time threshold can be defined by such events as a change in the threat environment. The ability to change logging parameters during the threat would allow important forensic information to be gathered during the time duration of the threat.

Description

Log records can be generated from various components within the application server. The list of logged events is the set of events for which logs are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating log records (i.e., logable events). Application server log events may include, but are not limited to, HTTP, Database, and XML parsing activity. The application server must be capable of allowing defined individuals or roles to change the logging to be performed on all application server components, based on all selectable event criteria during a defined time threshold. The time threshold can be defined by such events as a change in the threat environment. The ability to change logging parameters during the threat would allow important forensic information to be gathered during the time duration of the threat.

STIG	Date
Application Server Security Requirements Guide	2015-08-28

Details

Check Text ( C-58195r1_chk )
Review the application server configuration to determine if the application server provides the capability for organization-identified individuals or roles to change the logging to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds. If the application server cannot meet this requirement, this is a finding.

Fix Text (F-62555r1_fix)
Configure the application server to provide the capability for organization-identified individuals or roles to change the logging to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds.