UCF STIG Viewer Logo

tc Server HORIZON must produce log records containing sufficient information to establish what type of events occurred.


Overview

Finding ID Version Rule ID IA Controls Severity
V-240749 VRAU-TC-000145 SV-240749r673991_rule Medium
Description
After a security incident has occurred, investigators will often review log files to determine what happened. Understanding what type of event occurred is critical for investigation of a suspicious event. Like all servers, tc Server will typically process GET and POST requests clients. These will help investigators understand what happened.
STIG Date
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide 2021-06-23

Details

Check Text ( C-43982r673989_chk )
At the command prompt, execute the following command:

tail /storage/log/vmware/horizon/localhost_access_log.YYYY-MM-dd.txt

Note: Substitute the actual date in the file name.

If HTTP "GET" and/or "POST" events are not being recorded, this is a finding.
Fix Text (F-43941r673990_fix)
Navigate to and open /opt/vmware/horizon/workspace/conf/server.xml.

Navigate to and locate .

Configure the node with the below.

Note: The "AccessLogValve" should be configured as follows:
directory="logs"
pattern="%h %l %u %t "%r" %s %b"
prefix="localhost_access_log."
suffix=".txt"/>