6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf Syslog is configured'

Information

The 'ErrorLog' directive should be configured to send web server error logs to a 'syslog' facility so the logs can be processed and monitored along with the system logs.

Rationale:

It is easy for web server error logs to be overlooked in the log monitoring process, yet application-level attacks have become the most common and are extremely important for detecting attacks early, as well as detecting non-malicious problems such as a broken link or internal errors. By including the Apache error logs with the system logging facility, the application logs are more likely to be included in the established log monitoring process.

Solution

Perform the following to implement the recommended state:

1. Add an 'ErrorLog' directive if not already configured. Any appropriate 'syslog' facility may be used in place of 'local1'.

ErrorLog 'syslog:local1'

2. Add a similar 'ErrorLog' directive for each virtual host if necessary.

See Also

https://workbench.cisecurity.org/files/2020

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CSCv6|6.6

Plugin: Unix

Control ID: 5de38c03208dc0f418192b862fe21d7d60024ff9903b1c07f7c2b39eb610e80a