UCF STIG Viewer Logo

Log files must consist of the required data fields.


Overview

Finding ID Version Rule ID IA Controls Severity
V-13688 WG242 IIS7 SV-32480r3_rule Medium
Description
Log files are a critical component to the successful management of an IS used within the DoD. By generating log files with useful information web administrators can leverage them in the event of a disaster, malicious attack, or other site specific needs.
STIG Date
IIS 7.0 Site STIG 2019-05-15

Details

Check Text ( C-32795r2_chk )
Follow the procedures below for each site under review:

1. Open the IIS Manager.
2. Click the site name.
3. Click the Logging icon.
4. Under Format select W3C.
5. Click Select Fields, ensure at a minimum the following fields are checked: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer. If logging is not enabled, this is a finding.
Fix Text (F-29074r1_fix)
1. Open the IIS Manager.
2. Click the site name.
3. Click the Logging icon.
4. Under Format select W3C.
5. Select the following fields: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer.