Logging must be started as soon as possible when a service starts and when a service is stopped. Many forms of suspicious actions can be detected by analyzing logs for unexpected service starts and stops. Also, by starting to log immediately after a service starts, it becomes more difficult for suspicious activity to go unlogged.
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.
Add or reconfigure the following value:
server.errorlog = '/opt/vmware/var/log/lighttpd/error.log'
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.