tc Server HORIZON must produce log records containing sufficient information to establish when (date and time) events occurred.


Finding ID: V-240752
Version: VRAU-TC-000160
Rule ID: SV-240752r879564_rule
IA Controls:
Severity: Medium
After a security incident has occurred, investigators will often review log files to determine when events occurred. Understanding the precise sequence of events is critical for investigation of a suspicious event. As a Tomcat derivative, tc Server can be configured with an AccessLogValve. A Valve element represents a component that can be inserted into the request processing pipeline. The pattern attribute of the AccessLogValve controls which data gets logged. The %t parameter specifies that the system time should be recorded.
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide 2023-10-03


Check Text (C-43985r673998_chk)
At the command prompt, execute the following command:

tail /storage/log/vmware/horizon/localhost_access_log.YYYY-MM-dd.txt

Note: Substitute the actual date in the file name.

If the time and date of events are not being recorded, this is a finding.
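
The check above can be automated. The following is an added example, not part of the STIG, that counts access-log entries lacking the timestamp %t produces. The function names, the sample entries and the assumed timestamp layout (Common Log Format with English month names) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the STIG): flag access-log entries with no %t timestamp.
# Assumption: %t is written in Common Log Format with English month names,
# e.g. [03/Oct/2023:14:07:55 +0000].
TS_RE='[[][0-3][0-9]/[A-Z][a-z][a-z]/[0-9][0-9][0-9][0-9]:[0-2][0-9]:[0-5][0-9]:[0-6][0-9] [+-][0-9][0-9][0-9][0-9][]]'

# Constructed sample: two entries logged with %t, one logged without it.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [03/Oct/2023:14:07:55 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.11 - admin [03/Oct/2023:14:08:01 +0000] "POST /login HTTP/1.1" 302 -
192.0.2.12 - - "GET /status HTTP/1.1" 200 10
EOF
}

# Read log entries on stdin; print how many non-blank entries lack a timestamp.
count_missing_timestamps() {
    awk -v re="$TS_RE" 'NF && $0 !~ re { bad++ } END { print bad + 0 }'
}

# Evaluate one log file and print a verdict.
# Returns 0 when every entry is timestamped, 1 on a finding,
# 2 when the file is unreadable or has no entries to evaluate.
check_access_log() {
    log=$1
    [ -r "$log" ] || { echo "UNREADABLE: $log"; return 2; }
    total=$(awk 'NF { n++ } END { print n + 0 }' "$log")
    [ "$total" -gt 0 ] || { echo "NO DATA: $log has no entries to evaluate"; return 2; }
    missing=$(count_missing_timestamps < "$log")
    if [ "$missing" -gt 0 ]; then
        echo "FINDING: $missing of $total entries lack a date and time"
        return 1
    fi
    echo "OK: all $total entries carry a date and time"
}
```

Source the file and run check_access_log against /storage/log/vmware/horizon/localhost_access_log.YYYY-MM-dd.txt with the actual date substituted. An empty log is reported separately because it cannot show whether timestamps are being recorded.
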
Fix Text (F-43944r673999_fix)
Navigate to and open /opt/vmware/horizon/workspace/conf/server.xml.

Navigate to and locate .

Configure the node with the below.

Note: The "AccessLogValve" should be configured as follows:
pattern="%h %l %u %t &quot;%r&quot; %s %b"