Rule ID
SV-240262r879732_rule
Version
V1R2
CCIs
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process logs as required. Log processing failures include: software/hardware errors, failures in the log capturing mechanisms, and log storage capacity being reached or exceeded. If log capacity were to be exceeded, then events subsequently occurring would not be recorded. Organizations shall define a maximum allowable percentage of storage capacity serving as an alarming threshold (e.g., web server has exceeded 75% of log storage capacity allocated), at which time the web server or the logging mechanism the web server utilizes will provide a warning to the ISSO and SA at a minimum. This requirement can be met by configuring the web server to utilize a dedicated log tool that meets this requirement.
At the command prompt, execute the following command: grep 'accesslog.use-syslog' /opt/vmware/etc/lighttpd/lighttpd.conf | grep -v ^# If the value for "accesslog.use-syslog" is not set to "enable" or is missing, this is a finding.
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf Configure the lighttpd.conf file with the following: accesslog.use-syslog = "enable"