{"description": "<tt>ErrorLog</tt> should be enabled and set to the following in\n<tt>/etc/httpd/conf/httpd.conf</tt>:\n<pre>ErrorLog \"logs/error_log\"</pre>", "rationale": "The server error logs are invaluable because they can also be used to identify\npotential problems and enable proactive remediation. Log data can reveal\nanomalous behavior such as \"not found\" or \"unauthorized\" errors that may\nbe an evidence of attack attempts. Failure to enable error logging can\nsignificantly reduce the ability of Web Administrators to detect or remediate\nproblems.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "it is not", "ocil": "To verify if <tt>ErrorLog</tt> is configured correctly in\n<tt>/etc/httpd/conf/httpd.conf</tt>, run the following command:\n<pre>$ grep -i errorlog /etc/httpd/conf/httpd.conf</pre>\nThe output should return the following:\n<pre>ErrorLog \"logs/error_log\"</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Enable HTTPD Error Logging", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml", "template": null}