7.5 Ensure pattern in context.xml is correct

Information

The pattern setting informs Tomcat what information should be logged per application. At a minimum, enough information to uniquely identify a request, what was requested, where the requested originated from, and when the request occurred should be logged. The following will log the request date and time (%t), the requested URL (%U), the remote IP address (%a), the local IP address (%A), the request method (%m), the local port (%p), query string, if present, (%q), and the HTTP status code of the response (%s).

pattern='%t %U %a %A %m %p %q %s'

Rationale:

The level of logging detail prescribed will assist in identifying correlating security events or incidents.

Solution

Add the following statement into the $CATALINA_HOME/webapps/<app name>/META-INF/context.xml file if it does not already exist.

<Valve
className='org.apache.catalina.valves.AccessLogValve' directory='$CATALINA_HOME/logs/' prefix='access_log' fileDateFormat='yyyy-MM-dd.HH' suffix='.log'
pattern='%h %t %H cookie:%{SESSIONID}c request:%{SESSIONID}r %m %U %s %q %r'
/>

Default Value:

Does not exist by default.

References:

https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html

See Also

https://workbench.cisecurity.org/files/2506

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12, CSCv6|6.2, CSCv7|6.3

Plugin: Unix

Control ID: 6b30234d69bb2a061b776167a06616d5895cd7c94f57070757a9534169b8d287