5.4 Ensure that new entries are appended to the end of the log file

Information

By default, new log entries will overwrite old entries after a restart of the mongod or mongos service. Enabling the systemLog.logAppend setting causes new entries to be appended to the end of the log file rather than overwriting the existing content of the log when the mongod or mongos instance restarts.

Rationale:

Allowing old entries to be overwritten by new entries instead of appending new entries to the end of the log may destroy old log data that is needed for a variety of purposes.

Solution

Set systemLog.logAppend to true in the /etc/mongod.conf file.

See Also

https://workbench.cisecurity.org/files/3560

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4, CSCv7|6.4

Plugin: Windows

Control ID: 2ed3d798845e8ba0a371a0ff3ecc048ee76b3b6c492a123f48707dcc53c72431