JBoss log records must be off-loaded onto a different system or system component a minimum of every seven days.

From JBoss EAP 6.3 Security Technical Implementation Guide

Associated with: CCI-001348

SV-76747r1_rule JBoss log records must be off-loaded onto a different system or system component a minimum of every seven days.

Vulnerability discussion

JBoss logs by default are written to the local file system. A centralized logging solution like syslog should be used whenever possible; however, any log data stored to the file system needs to be off-loaded. JBoss EAP does not provide an automated backup capability. Instead, reliance is placed on OS or third-party tools to back up or off-load the log files.Protection of log data includes assuring log data is not accidentally lost or deleted. Off-loading log records to a different system or onto separate media from the system the application server is actually running on helps to assure that, in the event of a catastrophic system failure, the log records will be retained.

Check content

Interview the system admin and obtain details on how the log files are being off-loaded to a different system or media. If the log files are not off-loaded a minimum of every 7 days, this is a finding.

Fix text

Configure the application server to off-load log records every seven days onto a different system or media from the system being logged.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.