Check: TOMCAT-000375-AS-000211
Apache Tomcat Application Server STIG - Xylok Custom: TOMCAT-000375-AS-000211 (in version v1 r1.1)
Title
The Tomcat server must record time stamps for log records that meet a granularity of one second for a minimum degree of precision. (Cat II impact)
Discussion
To investigate an incident, the log records should be easily put into chronological order. Without sufficient granularity of time stamps, the chronological order cannot be determined. Time stamps generated by the application server include date and time. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks.
Check Content
Review the server.xml configuration file for the Tomcat server and verify that logging has been set up with at least the following entry: %t

In the server.xml file, look for the following section:

    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />

If the pattern attribute does not contain “common” or at least “%t”, this is a finding.
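The check above as a script, added here as an example (it is not part of the STIG or of Tomcat): it parses server.xml and reports every AccessLogValve whose pattern contains neither "common" nor %t. The sample server.xml and its host names are constructed, and treating a valve with no pattern attribute, or a file with no AccessLogValve at all, as a finding is this example's assumption.

```python
import xml.etree.ElementTree as ET

ACCESS_LOG_VALVE = "org.apache.catalina.valves.AccessLogValve"

# Constructed sample input: the first Host logs %t, the second does not.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
      <Host name="app.example.test" appBase="apps">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="app_access_log." suffix=".txt"
               pattern="%h %l %u &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>"""

def pattern_has_timestamp(pattern):
    """The rule from the check text: the pattern contains "common" or %t."""
    if pattern is None:  # assumption: a missing pattern attribute is a finding
        return False
    return "common" in pattern or "%t" in pattern

def audit_server_xml(xml_text):
    """Return (location, pattern) for every AccessLogValve that is a finding."""
    root = ET.fromstring(xml_text)
    findings, valves_seen = [], 0
    # Iterate over parents so each finding can name the enclosing container.
    for parent in root.iter():
        for valve in parent.findall("Valve"):
            if valve.get("className") != ACCESS_LOG_VALVE:
                continue
            valves_seen += 1
            pattern = valve.get("pattern")
            if not pattern_has_timestamp(pattern):
                where = f"{parent.tag} name={parent.get('name')!r}"
                findings.append((where, pattern))
    if valves_seen == 0:  # assumption: no access log configured is a finding
        findings.append(("server.xml", None))
    return findings

if __name__ == "__main__":
    for where, pattern in audit_server_xml(SAMPLE_SERVER_XML):
        print(f"FINDING: {where}: pattern={pattern!r}")
```
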
Fix Text
Configure the application server to use time stamps for log records that can meet a granularity of one second.
Additional Identifiers
Rule ID: SV-71705r2_rule
Vulnerability ID: V-57433
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001889 | The information system records time stamps for audit records that meet organization-defined granularity of time measurement. |
Controls
Number | Title |
---|---|
AU-8 | Time Stamps |