7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default

Information

Handlers specify where log messages are sent. Console handlers send log messages to the Java console and File handlers specify logging to a file.

Rationale:

Utilizing file handlers will ensure that security event information is persisted to disk.

Impact:

Configuring logging to debug logging, i.e. FINEST or ALL, can generate large amounts of information which may impact server performance.

Solution

Add the following entries, replacing <file_handler> with either FileHandler or AsyncFileHandler, to your logging.properties file if they do not exist.

handlers=1catalina.org.apache.juli.<file_handler>, 2localhost.org.apache.juli.<file_handler>, 3manager.org.apache.juli.<file_handler>, 4host-manager.org.apache.juli.<file_handler>, java.util.logging.ConsoleHandler

Ensure logging is not off and set the <logging_level> to the desired level (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST or ALL), for example:

org.apache.juli.FileHandler.level=<logging_level>

Default Value:

No value for new applications by default.

See Also

https://workbench.cisecurity.org/benchmarks/11652

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, 800-53|AU-3(1), 800-53|AU-7, 800-53|AU-12, CSCv7|6.3

Plugin: Unix

Control ID: d8a60fe07f8252636e7bc6ba158e230233697e021e5e4eaaf79a7dba648848c7