When using centralized logging; the application must include a unique identifier in order to distinguish itself from other application logs.

From Application Security and Development Security Technical Implementation Guide

Part of SRG-APP-000098

Associated with: CCI-000133

SV-84055r1_rule When using centralized logging; the application must include a unique identifier in order to distinguish itself from other application logs.

Vulnerability discussion

Without establishing the source, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack.

In the case of centralized logging, or other instances where log files are consolidated, there is risk that the application's log data could be co-mingled with other log data. To address this issue, the application itself must be identified as well as the application host or client name. In order to compile an accurate risk assessment, and provide forensic analysis, it is essential for security personnel to know the source of the event, particularly in the case of centralized logging.

Associating information about the source of the event within the application provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured application.

Check content

If the application is logging locally and does not utilize a centralized logging solution, this requirement is not applicable. Review system documentation and identify log location. Access the application logs. Review the application logs. Ensure the application is uniquely identified either within the logs themselves or via log storage mechanisms. Ensure the hosts or client names hosting the application are also identified. Either hostname or IP address is acceptable. If the application name and the hosts or client names are not identified, this is a finding.

Fix text

Configure the application logs or the centralized log storage facility so the application name and the hosts hosting the application are uniquely identified in the logs.
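
One way to apply the fix text in a Python application, shown as an added example that is not part of the STIG: a handler-level filter stamps every record with the application name and host before it is shipped, and `unidentified` applies the check content to collected lines. The application name `payments-api`, the logger prefix `stig-demo`, and the JSON field names are assumptions.

```python
import json
import logging
import socket

APP_NAME = "payments-api"  # hypothetical application identifier (assumption)

class SourceIdentity(logging.Filter):
    """Stamp every record with the application name and the host it runs on."""
    def __init__(self, app, host=None):
        super().__init__()
        self.app = app
        self.host = host or socket.gethostname()

    def filter(self, record):
        record.app = self.app
        record.host = self.host
        return True  # never drop the record, only annotate it

class JsonFormatter(logging.Formatter):
    def format(self, record):
        return json.dumps({"time": self.formatTime(record), "level": record.levelname,
                           "app": getattr(record, "app", None),
                           "host": getattr(record, "host", None),
                           "msg": record.getMessage()})

def build_logger(stream, app=APP_NAME, host=None):
    """Return a logger writing identified JSON lines to `stream`."""
    handler = logging.StreamHandler(stream)
    handler.setFormatter(JsonFormatter())
    # Attach the filter to the handler, not the logger, so records that
    # propagate up from child loggers are stamped as well.
    handler.addFilter(SourceIdentity(app, host))
    logger = logging.getLogger(f"stig-demo.{app}")
    logger.handlers = [handler]
    logger.setLevel(logging.INFO)
    logger.propagate = False
    return logger

def unidentified(lines):
    """Return 1-based numbers of lines missing the application name or the host."""
    bad = []
    for n, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except ValueError:
            rec = {}  # unparseable line carries no usable source identity
        if not isinstance(rec, dict) or not rec.get("app") or not rec.get("host"):
            bad.append(n)
    return bad
```

In production the stream handler would be replaced by whatever handler forwards to the centralized log store; the filter and the check stay the same.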
