Oracle WebLogic must provide the ability to write specified audit record content to an audit log server.
An XCCDF Rule
Description
<VulnDiscussion> Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes, but is not limited to, time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application specific events, success/fail indications, filenames involved, access control or flow control rules invoked. Centralized management of audit records and logs provides for efficiency in maintenance and management of records, as well as the backup and archiving of those records. Application servers and their related components are required to be capable of writing logs to centralized audit log servers.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-235950r628628_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
1. Access AC
2. From 'Domain Structure', select 'Services' -> 'Data Sources'
3. Utilize 'Change Center' to create a new change session
4. Click 'New' data source to create a new data source for the audit data store using schema IAU_APPEND
5. Enter database details and JNDI name, click through wizard
6. Select all servers and clusters available as targets to deploy this data source to