tc Server VCO must produce log records containing sufficient information to establish when (date and time) events occurred.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-240753	VRAU-TC-000165	SV-240753r674003_rule		Medium

Description
After a security incident has occurred, investigators will often review log files to determine when events occurred. Understanding the precise sequence of events is critical for investigation of a suspicious event. As a Tomcat derivative, tc Server can be configured with an AccessLogValve. A Valve element represents a component that can be inserted into the request processing pipeline. The pattern attribute of the AccessLogValve controls which data gets logged. The %t parameter specifies that the system time should be recorded.

Description

After a security incident has occurred, investigators will often review log files to determine when events occurred. Understanding the precise sequence of events is critical for investigation of a suspicious event. As a Tomcat derivative, tc Server can be configured with an AccessLogValve. A Valve element represents a component that can be inserted into the request processing pipeline. The pattern attribute of the AccessLogValve controls which data gets logged. The %t parameter specifies that the system time should be recorded.

STIG	Date
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide	2021-06-23

Details

Check Text ( C-43986r674001_chk )
At the command prompt, execute the following command: tail /storage/log/vmware/vco/app-server/localhost_access_log.txt If the time and date of events are not being recorded, this is a finding.

Fix Text (F-43945r674002_fix)
Navigate to and open /etc/vco/app-server/server.xml. Navigate to and locate . Configure the node with the below. Note: The "AccessLogValve" should be configured as follows: directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log." suffix=".txt"/>