The Apache access log file data should be configured to contain the appropriate data elements.
(1) LogFormat Format String
(1) Apache configuration file: LogFormat directive
1.6.2 Configure the Access Log (Level 1, Scorable)
Add or modify the LogFormat directives in the Apache configuration to use the standard and recommended combined format show as shown below. LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
1.17 Logging p30
Rule Title: Log file data must contain required data elements.
STIG ID: WG242 W22 Rule ID: SV-28654r2_rule Vuln ID: V-13688
Severity: CAT II Class: Unclass
Rule Title: Log file data must contain required data elements.
STIG ID: WG242 A22 Rule ID: SV-36642r1_rule Vuln ID: V-13688
Severity: CAT II Class: Unclass
CIS
Security Configuration Benchmark For Apache Web Server 2.2
Version 3.1.0
June 11th, 2012
CIS
2008-06-11
Version 3.1.0
Prose (PDF)
Security Configuration Benchmark For Apache Web Server
CIS
2008-11-01
Version 2.2.0
Prose (PDF)
DISA STIG
Apache SITE 2.2 for Windows
Release: 1 Benchmark Date: 23 Nov 2011
DISA
2011-11-23
V1R1
Prose (PDF)
DISA STIG
Apache SITE 2.2 for Unix
Release: 1 Benchmark Date: 23 Nov 2011
DISA
2011-11-23
V1R1
Prose (PDF)