Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up log records to an unrelated system or onto separate media than the system the web server is actually running on helps to assure that, in the event of a catastrophic system failure, the log records will be retained.
Check
Review the web server documentation and deployed configuration to determine if the web server log records are backed up onto an unrelated system or media than the system being logged.
If the web server logs are not backed up onto a different system or media than the system being logged, this is a finding.
Fix
Configure the web server logs to be backed up onto a different system or media other than the system being logged.