6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'Main'

Information

The ErrorLog directive should be configured to send logs to a syslog facility so that the logs can be processed and monitored along with the system logs.

Rationale:

It is easy for the web server error logs to be overlooked in the log monitoring process, and yet the application level attacks have become the most common and are extremely important for detecting attacks early, as well as detecting non-malicious problems such as a broken link, or internal errors. By including the Apache error logs with the system logging facility, the application logs are more likely to be included in the established log monitoring process.

Solution

Perform the following to implement the recommended state:

Add an ErrorLog directive if not already configured. Any appropriate syslog facility may be used in place of local1.

ErrorLog "syslog:local1"

Add a similar ErrorLog directive for each virtual host if necessary.

Default Value:

The following is the default configuration:

ErrorLog "logs/error_log"

See Also

https://workbench.cisecurity.org/files/4548

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2, 800-53|AU-7, 800-53|AU-12, CSCv7|6.6, CSCv7|6.8

Plugin: Unix

Control ID: 25036670acfb8505b06065499a2698bd0cfedd216f2b1b65a26f4af37e8bbfa4