6.2 Ensure a Syslog Facility Is Configured for Error Logging - VirtualHost

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The ErrorLog directive should be configured to send logs to a syslog facility so that the logs can be processed and monitored along with the system logs.

Rationale:

It is easy for the web server error logs to be overlooked in the log monitoring process, and yet the application level attacks have become the most common and are extremely important for detecting attacks early, as well as detecting non-malicious problems such as a broken link, or internal errors. By including the Apache error logs with the system logging facility, the application logs are more likely to be included in the established log monitoring process.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Perform the following to implement the recommended state:

Add an ErrorLog directive if not already configured. Any appropriate syslog facility may be used in place of local1.

ErrorLog 'syslog:local1'

Add a similar ErrorLog directive for each virtual host if necessary.

Default Value:

The following is the default configuration:

ErrorLog 'logs/error_log'

See Also

https://workbench.cisecurity.org/files/3021