TCAT-AS-000270 - The first line of request must be logged.


The access logfile format is defined within a Valve that implements the org.apache.catalina.valves.AccessLogValve interface within the /opt/tomcat/server.xml configuration file: The "%r" pattern code is included in the pattern element and logs the first line associated with the event, namely the request method, URL path, query string, and protocol ('"' simply specifies a literal double quote). Including the pattern in the log configuration provides useful information about the time of the event which is critical for troubleshooting and forensic investigations.


As a privileged user on the Tomcat server:

Edit the $CATALINA_BASE/conf/server.xml file.

Modify the <Valve> element(s) nested within the <Host> element(s).

Change the AccessLogValve setting to include &quot;%r&quot; in the pattern= statement.

<Host name='localhost' appBase='webapps'
unpackWARs='true' autoDeploy='false'>
<Valve className='org.apache.catalina.valves.AccessLogValve' directory='logs'
prefix='localhost_access_log' suffix='.txt'
pattern='%h %l %t %u &quot;%r&quot; %s %b' />

Restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload

See Also

Item Details


References: 800-53|AU-3, CAT|II, CCI|CCI-000132, Rule-ID|SV-222942r615938_rule, STIG-ID|TCAT-AS-000270, STIG-Legacy|SV-111413, STIG-Legacy|V-102467, Vuln-ID|V-222942

Plugin: Unix

Control ID: f2b21e276cad957a8c21e4d1e19cca64e5a7d22b108ee857a0b1659528977a52