2.27 - Ensure logging is enabled for web-based requests if required by deployed applications - 'AccessLogValve = true'

Information

In the event that application requirements dictate additional logging for web-based requests, the AccessLogValve should be enabled.

Solution

Ensure the following <Valve> exists within: JBOSS_HOME/server/@[email protected]/deploy/jbossweb.sar/server.xml. By default, this <Valve> simply needs to be uncommented.

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12, CAT|II

Plugin: Unix

Control ID: a371371e356ceb402968632b56cb5f3b7e6f1338b241a534ac1dcdcbd9bfb560