Details

Apache Cassandra uses Logback for logging functionality. While this can be set using nodetool setlogginglevel changes made using this method will be reverted to the level specified in the logback.xml file the next time the process restarts.

The configurable logging levels are:

OFF

TRACE

DEBUG

INFO (Default)

WARN

ERROR

Rationale:

If logging is not enabled, issues may go undiscovered, and compromises and other incidents may occur without being quickly detected. It may also not be possible to provide evidence of compliance with security laws, regulations, and other requirements.

Solution

To remediate this setting:
Edit the logback-test.xml if present; otherwise, edit the logback.xml



INFO

%-5level [%thread] %date{ISO8601} %F:%L – %msg%n

Restart the Apache Cassandra

Default Value:
INFO

References:
http://cassandra.apache.org/doc/latest/troubleshooting/reading_logs.html?highlight=logging
https://logback.qos.ch/manual/configuration.html

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2309

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

• 800-53|AU-12
• CSCv7|6.3

Source

• Tenable.com/audits