Logging must be enabled on the virtual machine (VM).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-256473	VMCH-70-000025	SV-256473r886462_rule		Medium

Description
The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations and machine clones. Due to the value these logs provide for the continued availability of each VM and potential security incidents, these logs must be enabled.

Description

The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations and machine clones. Due to the value these logs provide for the continued availability of each VM and potential security incidents, these logs must be enabled.

STIG	Date
VMware vSphere 7.0 Virtual Machine Security Technical Implementation Guide	2023-12-01

Details

Check Text ( C-60148r886460_chk )
From the vSphere Client, select the Virtual Machine, right-click, and go to Edit Settings >> VM Options tab >> Advanced >> Settings. Ensure that the checkbox next to "Enable logging" is checked. or From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command: Get-VM \| Where {$_.ExtensionData.Config.Flags.EnableLogging -ne "True"} If logging is not enabled, this is a finding.

Check Text ( C-60148r886460_chk )

From the vSphere Client, select the Virtual Machine, right-click, and go to Edit Settings >> VM Options tab >> Advanced >> Settings.

Ensure that the checkbox next to "Enable logging" is checked.

or

From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:

Get-VM | Where {$_.ExtensionData.Config.Flags.EnableLogging -ne "True"}

If logging is not enabled, this is a finding.

Fix Text (F-60091r886461_fix)
From the vSphere Client, select the Virtual Machine, right-click, and go to Edit Settings >> VM Options tab >> Advanced >> Settings. Click the checkbox next to "Enable logging". Click "OK". or From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands: $spec = New-Object VMware.Vim.VirtualMachineConfigSpec $spec.Flags = New-Object VMware.Vim.VirtualMachineFlagInfo $spec.Flags.enableLogging = $true (Get-VM -Name ).ExtensionData.ReconfigVM($spec)

Fix Text (F-60091r886461_fix)

From the vSphere Client, select the Virtual Machine, right-click, and go to Edit Settings >> VM Options tab >> Advanced >> Settings.

Click the checkbox next to "Enable logging". Click "OK".

or

From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:

$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$spec.Flags = New-Object VMware.Vim.VirtualMachineFlagInfo
$spec.Flags.enableLogging = $true
(Get-VM -Name ).ExtensionData.ReconfigVM($spec)