Specify file handler in logging.properties files – check if java.util.logging.ConsoleHandler logging is enabled in web application

Details

Handlers specify where log messages are sent. Console handlers send log messages to the Java console; file handlers write them to a file.

Rationale:

Utilizing file handlers will ensure that security event information is persisted to disk.

Impact:

Setting the log level to a debug level, i.e. FINEST or ALL, can generate large amounts of information, which may impact server performance.

Solution

Add the following entries, replacing with either FileHandler or AsyncFileHandler, to your logging.properties file if they do not exist.

handlers=1catalina.org.apache.juli., 2localhost.org.apache.juli., 3manager.org.apache.juli., 4host-manager.org.apache.juli., java.util.logging.ConsoleHandler

Ensure logging is not off and set the to the desired level (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST or ALL), for example:

org.apache.juli.FileHandler.level=
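
One way to audit a web application's logging.properties against this control, as an added example that is not part of the CIS benchmark text. The function names and sample configurations are constructed for illustration, and the check assumes that an unset level counts as a finding because the remediation asks for the level to be set.

```python
import re

# Added example: helper names are illustrative, samples are constructed.
# Handler classes named by the control; level names from its remediation text.
FILE_HANDLERS = ("org.apache.juli.FileHandler", "org.apache.juli.AsyncFileHandler")
LEVELS = {"SEVERE", "WARNING", "INFO", "CONFIG", "FINE", "FINER", "FINEST", "ALL"}

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, '=' or ':'
    separators, and backslash line continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]  # join with the next physical line
            continue
        key, value = re.match(r"([^=:\s]*)\s*[=:]?\s*(.*)", line).groups()
        props[key] = value
    return props

def audit_logging_properties(text):
    """Return a list of findings; an empty list means the file passes."""
    props = parse_properties(text)
    handlers = [h.strip() for h in props.get("handlers", "").split(",") if h.strip()]
    file_handlers = [h for h in handlers if h.endswith(FILE_HANDLERS)]
    findings = []
    if not file_handlers:
        findings.append("handlers lists no FileHandler or AsyncFileHandler")
    for handler in file_handlers:
        cls = next(c for c in FILE_HANDLERS if handler.endswith(c))
        # Prefixed key first, then the unprefixed class key the page shows.
        level = props.get(handler + ".level", props.get(cls + ".level", "")).upper()
        if level not in LEVELS:  # OFF, unset, or a misspelled level
            findings.append(f"{handler}.level is {level or 'unset'}")
    return findings

# Constructed sample: console-only web application config (fails the check).
CONSOLE_ONLY = "handlers = java.util.logging.ConsoleHandler\n"
# Constructed sample: file handler present with a level set (passes).
COMPLIANT = r"""
handlers = 1catalina.org.apache.juli.AsyncFileHandler, \
           java.util.logging.ConsoleHandler
1catalina.org.apache.juli.AsyncFileHandler.level = FINE
"""

if __name__ == "__main__":
    for name, sample in (("console-only", CONSOLE_ONLY), ("compliant", COMPLIANT)):
        print(name, audit_logging_properties(sample) or "PASS")
```
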

Default Value:

No value for new applications by default.

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: Unix.

Updated on July 16, 2022