AccessLogValve must be configured for Catalina engine.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-222997 | TCAT-AS-001560 | SV-222997r1016518_rule | Medium |
| Description |
| STIG | Date |
| Apache Tomcat Application Server 9 Security Technical Implementation Guide | 2025-02-11 |
Details
| Check Text (C-24669r985898_chk) |
| As an elevated user on the Tomcat server, edit the $CATALINA_BASE/conf/server.xml file. Review the <Engine> element. Ensure one AccessLog <Valve> element is nested within the engine element. If a <Valve className="org.apache.catalina.valves.AccessLogValve" .../> element is not defined, this is a finding. EXAMPLE: <Engine name="Standalone" ...> ... <Valve className="org.apache.catalina.valves.AccessLogValve" prefix="catalina_access_log" suffix=".txt" pattern="common"/> ... </Engine> |
| Fix Text (F-24658r985899_fix) |
| As a privileged user on the Tomcat server, edit the $CATALINA_BASE/conf/server.xml file. Create a <Valve> element that is nested beneath the <Host> element containing an AccessLogValve. EXAMPLE: <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"> ... <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %t %u "%r" %s %b" /> ... </Host> Restart the Tomcat server: sudo systemctl restart tomcat sudo systemctl daemon-reload |