WAS | WebSphere 보안 취약점 관련 access Log 설정

WebSphere 보안 취약점 관련 access Log 설정

---

Test Environment

• Test Version : WebSphere v8.5

---

NCSA access Log and HTTP error log set up

HTTP Access

1. 전체 로그 설정

• Click Servers > Server Types > WebSphere application servers > server_name > NCSA access and HTTP error logging.
• Select Enable logging service at server start-up.
• Ensure that Enable access logging is selected.

2. 컨테이너별 로그 설정 part 1

• Application servers > server1 > Web container transport chains > HttpQueueInboundDefault > HTTP inbound channel (HTTP_2)
• Select Enable logging.

3. 컨테이버별 로그 설정 part 2

• Application servers > server1 > Web container transport chains > WCInboundDefault > HTTP inbound channel (HTTP_2)
  

로그 포맷 변경시

참조 링크

https://www.ibm.com/support/knowledgecenter/ko/SSEQTP_8.5.5/com.ibm.websphere.base.doc/ae/ttrb_access_logging.html

설정 위치

• Go to the custom properties page for the wanted transport chain. Click Servers > Server Types > WebSphere application servers > server_name > Web Container Settings > Web container transport chains > chain_name > HTTP_channel_name > Custom properties.

• Costum properties

  • key

  accessLogFormat

  • value

  %h %u %t "%r" %s %b %D "%{Referer}i" "%{User-agent}I" %{JESSIONID}C
  %h %i %u %t "%r" %s %b %D