7.6 Ensure directory in logging.properties is a secure location - check application log directory is secure

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


The directory attribute tells Tomcat where to store logs. The directory value should be a secure location with restricted access.


Securing the log location will help ensure the integrity and confidentiality of web application activity records.


Perform the following:

Add the following properties into your logging.properties file if they do not exist


Set the location pointed to by the directory attribute to be owned by tomcat_admin:tomcat with permissions of o-rwx.

# chown tomcat_admin:tomcat <log_location>
# chmod o-rwx <log_location>

Default Value:

The directory location is configured to store logs in $CATALINA_BASE/logs.

See Also