Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39410 | SRG-OS-000217-ESXI5 | SV-51268r1_rule | Medium |
Description |
---|
Remote logging to a central log host provides a secure, centralized store for ESXi logs. By gathering host log files onto a central host it can more easily monitor all hosts with a single tool. It can also do aggregate analysis and searching to look for such things as coordinated attacks on multiple hosts. Logging to a secure, centralized log server also helps prevent log tampering and also provides a long-term audit record. |
STIG | Date |
---|---|
VMware ESXi Server 5.0 Security Technical Implementation Guide | 2016-02-10 |
Check Text ( C-46684r1_chk ) |
---|
Verify the vSphere Syslog Collector syslog host has been configured. From the vSphere Client: Select the host and click "Configuration >> Advanced Settings >> Syslog >> Global". Verify the 'Syslog.global.logHost' is set to the (site-specific) syslog server hostname. If the 'Syslog.global.logHost' is unconfigured, this is a finding. |
Fix Text (F-44423r1_fix) |
---|
Step 1: Verify the vSphere Syslog Collector syslog host has been configured. If not, install/enable the vSphere Syslog Collector. Step 2: From the vSphere Client: Select the host and click "Configuration >> Advanced Settings >> Syslog >> Global". Step 3: Set 'Syslog.global.logHost' to the syslog server hostname. |