how to secure access logs
Hi,
We had an incident yesterday, where I have an understanding of what happened, but couldn't prove anything because the access logs were missing from the file system. This is not the first time we have had problems happening mysteriously where only one person knows the solution, so we are realizing that from now on, we need to tighten security on the file system; nobody should be able to modify or delete the logs for any managed or admin server.
The reason I post here is that I see another potential problem. There is a setting which controls what goes into access.log. This setting is under server (managed or admin), Logging, HTTP.