
Logs of web server access and errors will be established and maintained


Overview

Finding ID: V-2250
Version: WG240
Rule ID: SV-2250r6_rule
IA Controls: ECAT-1, ECAT-2
Severity: Medium
Description
The access and error logs are a major tool for examining web site use, attempted use, unusual conditions, and problems. In the event of a security incident, these logs can provide the SA and the web manager with valuable information. Without these log files, SAs and web managers are seriously hindered in their efforts to respond appropriately to suspicious or criminal actions targeted at the web site.
STIG: Web Server STIG
Date: 2010-10-07

Details

Check Text (C-29928r1_chk)
This check is concerned with verifying the existence and the maintenance of web server log files.

Query the SA to determine what process, based on policy, governs the collection, maintenance, and retention of web server logs.

The reviewer should look at any local governing policies and processes to ascertain policy compliance by inspecting the log files and reviewing configuration settings.

The reviewer should check the following:
1. The frequency of backups for the web server log files.
2. The method of log file collection, such as transmission to a central repository.
3. Event handling when the log files are full.

Inspect the log files, as follows:

Do the logs indicate contiguous time stamps?
Do there appear to be any breaks in reporting times that may indicate a problem with reporting or logging events?

If web log files are not being maintained, this is a finding.
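
The time-stamp inspection above can be automated. The following Python example is added here and is not part of the STIG; it assumes access logs in Common or Combined Log Format, and the function names, the 15-minute gap threshold, the 5-minute back-step tolerance and the sample lines are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Timestamp field of Common/Combined Log Format, e.g. [07/Oct/2010:13:55:36 -0400]
TS_RE = re.compile(r"\[(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

# Constructed sample lines (documentation-range addresses), not real log data.
SAMPLE = [
    '192.0.2.10 - - [07/Oct/2010:13:55:36 -0400] "GET /index.html HTTP/1.1" 200 2326',
    '192.0.2.11 - - [07/Oct/2010:13:58:02 -0400] "GET /about.html HTTP/1.1" 200 1410',
    '192.0.2.10 - - [07/Oct/2010:18:04:15 +0000] "GET /index.html HTTP/1.1" 200 2326',
    'corrupted entry without a timestamp',
    '192.0.2.12 - - [07/Oct/2010:17:20:41 -0400] "GET /login HTTP/1.1" 302 0',
    '192.0.2.12 - - [07/Oct/2010:16:01:00 -0400] "GET /login HTTP/1.1" 302 0',
]

def parse_ts(line):
    """Return a timezone-aware datetime, or None if the line has no valid timestamp."""
    m = TS_RE.search(line)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:  # matched the pattern but is not a real calendar date
        return None

def find_log_gaps(lines, max_gap=timedelta(minutes=15), max_backstep=timedelta(minutes=5)):
    """Return (gaps, backsteps, unparsed); each gap/backstep is (line_no, prev, ts, delta)."""
    gaps, backsteps, unparsed = [], [], []
    prev = None
    for line_no, line in enumerate(lines, start=1):
        ts = parse_ts(line)
        if ts is None:
            unparsed.append(line_no)
            continue
        if prev is not None:
            delta = ts - prev  # aware datetimes, so differing UTC offsets compare correctly
            if delta > max_gap:
                gaps.append((line_no, prev, ts, delta))
            elif delta < -max_backstep:
                # Small back-steps are normal when entries are stamped at request
                # start but written at completion; only larger ones are reported.
                backsteps.append((line_no, prev, ts, delta))
        prev = ts
    return gaps, backsteps, unparsed

if __name__ == "__main__":
    gaps, backsteps, unparsed = find_log_gaps(SAMPLE)
    for n, a, b, d in gaps:
        print(f"line {n}: no entries for {d} ({a} -> {b})")
    for n, a, b, d in backsteps:
        print(f"line {n}: time moves backwards by {-d} ({a} -> {b})")
    print("lines without a usable timestamp:", unparsed)
```

A low-traffic site produces legitimate quiet periods, so `max_gap` should be set from the site's normal request pattern before a reported gap is treated as a logging problem.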
Fix Text (F-13115r1_fix)
Configure the web server to maintain web server logs for both access and errors.