Details

Logs are essential to monitor the health of the system, investigate changes that occurred to the system, or investigate a security incident. When log processing fails, the events during the failure can be lost. To minimize the timeframe of the log failure, an alert needs to be sent to the SA and ISSO at a minimum.

Log processing failures include, but are not limited to, failures in the application server log capturing mechanisms or log storage capacity being reached or exceeded. WebSphere must be set to log warnings that the audit subsystem has failed or is in danger or failing so action can be taken to correct the issue.

Solution

In the administrative console, navigate to Security >> Security auditing.

Click the ‘Audit subsystem failure action’ dropdown box.

Select ‘Log Warning’.

Click ‘Apply’.

Click ‘Save’ to save the configuration.

Restart the DMGR and all JVMs.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/U_IBM_WebSphere_Traditional_V9-x_V1R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

• 800-53|AU-5a.
• CAT|II
• CCI|CCI-000139
• Rule-ID|SV-95961r1_rule
• STIG-ID|WBSP-AS-000650
• Vuln-ID|V-81247

Source

• Tenable.com/audits