Title

The web server must not impede the ability to write specified log record content to an audit log server. (Cat II impact)

Discussion

Writing events to a centralized management audit system offers many benefits to the enterprise over having dispersed logs. Centralized management of audit records and logs provides for efficiency in maintenance and management of records, enterprise analysis of events, and backup and archiving of event records enterprise-wide. The web server and related components are required to be capable of writing logs to centralized audit log servers.

Check Content

Review the web server documentation and deployment configuration to determine if the web server can write log data to, or if log data can be transferred to, a separate audit server. Request a user access the hosted application and generate logable events and verify the data is written to a separate audit server. If logs cannot be directly written or transferred on request or on a periodic schedule to an audit log server, this is a finding.

Fix Text

Configure the web server to directly write or transfer the logs to a remote audit log server.

Additional Identifiers

Rule ID: SV-206422r961395_rule

Vulnerability ID: V-206422

Group Title: SRG-APP-000358

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.