{"description": "<tt>LogLevel</tt> should be enabled and set to <sub idref=\"var_httpd_loglevel\" />.\nAdd or edit the following in <tt>/etc/httpd/conf/httpd.conf</tt>:\n<pre>LogLevel <sub idref=\"var_httpd_loglevel\" /></pre>", "rationale": "The server error logs are invaluable because they can also be used to identify\npotential problems and enable proactive remediation. Log data can reveal\nanomalous behavior such as \"not found\" or \"unauthorized\" errors that may\nbe an evidence of attack attempts. Failure to enable error logging can\nsignificantly reduce the ability of Web Administrators to detect or remediate\nproblems. While the ErrorLog directive configures the error log file name, the\nLogLevel directive is used to configure the severity level for the error logs.\nThe log level values are the standard syslog levels: emerg, alert, crit, error,\nwarn, notice, info and debug.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "it is not", "ocil": "To verify if <tt>LogLevel</tt> is configured correctly in\n<tt>/etc/httpd/conf/httpd.conf</tt>, run the following command:\n<pre>$ grep -i loglevel /etc/httpd/conf/httpd.conf</pre>\nThe command should return the following:\n<pre>LogLevel warn</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Enable HTTPD LogLevel", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml", "template": null}