The Apache access log file data should be configured to contain the appropriate data elements. (1) LogFormat Format String (1) Apache configuration file: LogFormat directive 1.6.2 Configure the Access Log (Level 1, Scorable) Add or modify the LogFormat directives in the Apache configuration to use the standard and recommended combined format show as shown below. LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined 1.17 Logging p30 Rule Title: Log file data must contain required data elements. STIG ID: WG242 W22 Rule ID: SV-28654r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass Rule Title: Log file data must contain required data elements. STIG ID: WG242 A22 Rule ID: SV-36642r1_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass CIS Security Configuration Benchmark For Apache Web Server 2.2 Version 3.1.0 June 11th, 2012 CIS 2008-06-11 Version 3.1.0 Prose (PDF) Security Configuration Benchmark For Apache Web Server CIS 2008-11-01 Version 2.2.0 Prose (PDF) DISA STIG Apache SITE 2.2 for Windows Release: 1 Benchmark Date: 23 Nov 2011 DISA 2011-11-23 V1R1 Prose (PDF) DISA STIG Apache SITE 2.2 for Unix Release: 1 Benchmark Date: 23 Nov 2011 DISA 2011-11-23 V1R1 Prose (PDF)