Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-240751 | VRAU-TC-000155 | SV-240751r879563_rule | Medium |
Description |
---|
After a security incident has occurred, investigators will often review log files to determine what happened. Understanding what type of event occurred is critical for investigation of a suspicious event. Like all servers, tc Server will typically process GET and POST requests clients. These will help investigators understand what happened. |
STIG | Date |
---|---|
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide | 2023-10-03 |
Check Text ( C-43984r673995_chk ) |
---|
At the command prompt, execute the following command: tail /storage/log/vmware/vcac/access_log.YYYY-MM-dd.txt Note: Substitute the actual date in the file name. If HTTP "GET" and/or "POST" events are not being recorded, this is a finding. |
Fix Text (F-43943r673996_fix) |
---|
Navigate to and open /etc/vcac/server.xml. Navigate to and locate Configure the Note: The "AccessLogValve" should be configured as follows: directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="access_log" requestAttributesEnabled="true" rotatable="false" suffix=".txt"/> |