7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in default

Information

Handlers specify where log messages are sent. Console handlers send log messages to the Java console, and file handlers write them to a file.

Rationale:

Utilizing file handlers will ensure that security event information is persisted to disk.

Impact:

Setting the logging level to a debug level, i.e. FINEST or ALL, can generate large amounts of information, which may impact server performance.

Solution

Add the following entries, replacing <file_handler> with either FileHandler or AsyncFileHandler, to your logging.properties file if they do not exist.

handlers=1catalina.org.apache.juli.<file_handler>, 2localhost.org.apache.juli.<file_handler>, 3manager.org.apache.juli.<file_handler>, 4host-manager.org.apache.juli.<file_handler>, java.util.logging.ConsoleHandler

Ensure logging is not off and set the <logging_level> to the desired level (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST or ALL), for example:

org.apache.juli.FileHandler.level=<logging_level>
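
As an added example (not part of the benchmark or of the audit plugin), the following Python check reads a logging.properties file and reports which of the entries above are missing or set to a level outside the listed ones. The function names and the two sample files are constructed for illustration.

```python
import re

# Levels the recommendation lists as acceptable; OFF is deliberately excluded.
ALLOWED_LEVELS = {"SEVERE", "WARNING", "INFO", "CONFIG", "FINE", "FINER", "FINEST", "ALL"}
FILE_HANDLERS = ("org.apache.juli.FileHandler", "org.apache.juli.AsyncFileHandler")
PREFIXES = ("1catalina", "2localhost", "3manager", "4host-manager")

def parse_properties(text):
    """Minimal .properties reader: comments, backslash continuations, = or : separators."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):  # value continues on the next line
            pending = line[:-1]
            continue
        if m := re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line):
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return findings; an empty list means the file matches the recommendation."""
    props = parse_properties(text)
    handlers = [h.strip() for h in props.get("handlers", "").split(",") if h.strip()]
    findings = []
    for prefix in PREFIXES:
        if not any(f"{prefix}.{fh}" in handlers for fh in FILE_HANDLERS):
            findings.append(f"handlers: no file handler for {prefix}")
    if "java.util.logging.ConsoleHandler" not in handlers:
        findings.append("handlers: java.util.logging.ConsoleHandler missing")
    for key, value in props.items():
        if key.endswith("FileHandler.level") and value.upper() not in ALLOWED_LEVELS:
            findings.append(f"{key}: level {value!r} is not an accepted level")
    return findings

# Constructed sample files (not taken from a real server).
GOOD = r"""
handlers = 1catalina.org.apache.juli.AsyncFileHandler, \
    2localhost.org.apache.juli.AsyncFileHandler, \
    3manager.org.apache.juli.AsyncFileHandler, \
    4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler
1catalina.org.apache.juli.AsyncFileHandler.level = FINE
"""
BAD = """
handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
1catalina.org.apache.juli.FileHandler.level = OFF
"""
if __name__ == "__main__":
    print(audit(GOOD) or "compliant", audit(BAD))
```

To check a real installation, pass the contents of its logging.properties file to `audit()`.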

Default Value:

No value for new applications by default.

See Also

https://workbench.cisecurity.org/benchmarks/11652

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, 800-53|AU-3(1), 800-53|AU-7, 800-53|AU-12, CSCv7|6.3

Plugin: Unix

Control ID: d8a60fe07f8252636e7bc6ba158e230233697e021e5e4eaaf79a7dba648848c7