tc Server UI must produce log records containing sufficient information to establish what type of events occurred.

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

tc Server UI must produce log records containing sufficient information to establish what type of events occurred.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-88833	VROM-TC-000155	SV-99483r1_rule		Medium

Description
After a security incident has occurred, investigators will often review log files to determine what happened. Understanding what type of event occurred is critical for investigation of a suspicious event. Like all servers, tc Server will typically process “GET” and “POST” requests clients. These will help investigators understand what happened.

STIG	Date
VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide	2018-10-12

Details

Check Text ( C-88525r1_chk )
At the command prompt, execute the following command: tail /storage/log/vcops/log/product-ui/localhost_access_log.YYYY-MM-dd.txt Note: Substitute the actual date in the file name. If HTTP "GET" and/or "POST" events are not being recorded, this is a finding.

Fix Text (F-95575r1_fix)
Navigate to and open /usr/lib/vmware-vcops/tomcat-web-app/conf/server.xml. Navigate to and locate . Configure the node with the below. Note: The “AccessLogValve” should be configured as follows: directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log." suffix=".txt"/>