AccessLogValve must be configured for each application context.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-222930 | TCAT-AS-000050 | SV-222930r960765_rule | Medium |
| Description |
| STIG | Date |
| Apache Tomcat Application Server 9 Security Technical Implementation Guide | 2025-02-11 |
Details
| Check Text (C-24602r426234_chk) |
| As an elevated user on the Tomcat server: Edit the $CATALINA_BASE/conf/server.xml file. Review for all <Context> elements. If a <Valve className="org.apache.catalina.valves.AccessLogValve" .../> element is not defined within each <Context> element, this is a finding. EXAMPLE: <Context ... <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="application_name_log" suffix=".txt" pattern=""%h %l %t %u "%r" %s %b" /> ... /> |
| Fix Text (F-24591r426235_fix) |
| As a privileged user on the Tomcat server: Edit the $CATALINA_BASE/conf/server.xml file. Create a <Valve> element that is nested within the <Context> element containing an AccessLogValve. EXAMPLE: <Context ... <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="application_name_log" suffix=".txt" pattern="%h %l %t %u "%r" %s %b" /> ... /> Restart the Tomcat server: sudo systemctl restart tomcat sudo systemctl daemon-reload |