ColdFusion must produce log records containing information to establish what type of events occurred.

Severity: low
Group ID: V-279034
Group Title: SRG-APP-000095-AS-000056
Version: APAS-CF-000070
Rule ID: SV-279034r1171436_rule
Date: 2025-12-19
STIG Version: 1
Description
Without sufficient logging of events, including information about what type of event occurred, it is difficult to detect, understand, or respond to suspicious or unauthorized activity within the ColdFusion application server. Comprehensive event logging is essential to support auditing, troubleshooting, and forensic analysis. ColdFusion must generate log records that capture key attributes of events, such as event type, source, outcome, and affected components. This information enables security personnel to determine the nature of an event, assess its impact, and trace it back to a user or process. Failure to produce detailed and complete logs can result in missed detection of security incidents, hinder incident response efforts, and reduce overall situational awareness.
Satisfies: SRG-APP-000095-AS-000056, SRG-APP-000096-AS-000059, SRG-APP-000097-AS-000060, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062, SRG-APP-000100-AS-000063, SRG-APP-000101-AS-000072
ℹ️ Check
Verify neo-logging.xml Log Pattern configuration.
1. Open the neo-logging.xml file located at: <ColdFusion_Installation_Directory>\lib\neo-logging.xml
2. Examine the <var name='pattern'/> element. Review the value assigned to this element. Verify the log pattern configuration.
3. Confirm the value is: <string>"%p","%t",%d{"MM/dd/yy","HH:mm:ss"},"%a","%m%z"%n</string>
OR
Ensure the following pattern definition is included:
- The pattern includes the %d (date/time) pattern definition with the appropriate format (MM/dd/yy and HH:mm:ss).
- The pattern includes the %m (message) pattern.
If the neo-logging.xml file is missing or cannot be located, this is a finding.
If the <var name='pattern'/> element does not contain the exact required pattern, this is a finding.
If the pattern does not include the %d token with the required date/time format, this is a finding.
If the pattern does not include the %m (message) token, this is a finding.
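A scripted form of this check, added here as an example (it is not part of the STIG or of Adobe's tooling). It assumes neo-logging.xml is a WDDX packet in which the <string> value is a child of <var name='pattern'>, and it reads step 3 as passing when either the exact pattern or both the %d and %m conditions hold; the function names and the sample XML are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Pattern quoted in the Check and Fix text.
REQUIRED = '"%p","%t",%d{"MM/dd/yy","HH:mm:ss"},"%a","%m%z"%n'

# Constructed sample (assumed WDDX layout); its %d format lacks HH:mm:ss.
SAMPLE = """<wddxPacket version='1.0'><header/><data><struct>
<var name='pattern'><string>"%p","%t",%d{"MM/dd/yy"},"%a","%m%z"%n</string></var>
</struct></data></wddxPacket>"""

def extract_pattern(xml_data):
    """Return the <string> text under <var name='pattern'>, or None."""
    for var in ET.fromstring(xml_data).iter("var"):
        if var.get("name") == "pattern":
            return var.findtext("string")
    return None

def check_pattern(pattern):
    """Return a list of findings; an empty list means the check passes."""
    if pattern is None:
        return ["<var name='pattern'> value not found"]
    if pattern.strip() == REQUIRED:
        return []
    tokens = pattern.replace("%%", "")  # assumed log4j-style escape: "%%" is a literal percent
    findings = []
    date = re.search(r"%d\{([^}]*)\}", tokens)
    if not date or not all(f in date.group(1) for f in ("MM/dd/yy", "HH:mm:ss")):
        findings.append("%d token with MM/dd/yy and HH:mm:ss format missing")
    # Bare %m only: a longer name (e.g. log4j2's %marker) is not the %m token.
    if not re.search(r"%m(?![A-Za-z])", tokens):
        findings.append("%m (message) token missing")
    return findings

def check_file(path):
    """Apply the check to a neo-logging.xml path."""
    p = Path(path)
    if not p.is_file():
        return ["neo-logging.xml is missing or cannot be located"]
    try:
        return check_pattern(extract_pattern(p.read_bytes()))
    except ET.ParseError as exc:
        return [f"neo-logging.xml is not well-formed XML: {exc}"]

if __name__ == "__main__":
    results = check_file(sys.argv[1]) if len(sys.argv) > 1 else check_pattern(extract_pattern(SAMPLE))
    print("\n".join(f"FINDING: {r}" for r in results) or "PASS")
```

Run it with the path to neo-logging.xml as the only argument; with no argument it evaluates the constructed sample.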
✔️ Fix
1. Locate the neo-logging.xml file for ColdFusion: <ColdFusion_Installation_Directory>\lib\neo-logging.xml
2. After creating a backup of this file, edit it and locate the <var name='pattern'/> element.
3. Set the value of this element to include all pertinent fields, for example: <string>"%p","%t",%d{"MM/dd/yy","HH:mm:ss"},"%a","%m%z"%n</string>