The NSX-T Manager must be configured to send logs to a central log server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251787 | TNDM-3X-000088 | SV-251787r879886_rule | CCI-001851 | medium |
| Description | ||||
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. | ||||
| STIG | Date | |||
| VMware NSX-T Manager NDM Security Technical Implementation Guide | 2023-06-22 | |||
Details
Check Text (C-251787r879886_chk)
From an NSX-T Manager shell, run the following command(s):
> get logging-servers
If any configured logging-servers are not configured with protocol of "tcp", "li-tls", or "tls" and level of "info", this is a finding.
If no logging-servers are configured, this is a finding.
Note: This check must be run from each NSX-T Manager as they are configured individually.
Fix Text (F-55201r810363_fix)
(Optional) From an NSX-T Manager shell, run the following command(s) to clear any existing incorrect logging-servers:
> clear logging-servers
From an NSX-T Manager shell, run the following command(s) to configure a tcp syslog server:
> set logging-server <server-ip or server-name> proto tcp level info
From an NSX-T Manager shell, run the following command(s) to configure a tls syslog server:
> set logging-server <server-ip or server-name> proto tls level info serverca ca.pem clientca ca.pem certificate cert.pem key key.pem
From an NSX-T Manager shell, run the following command(s) to configure an li-tls syslog server:
> set logging-server <server-ip or server-name> proto li-tls level info serverca root-ca.crt
Note: If using the protocols TLS or LI-TLS to configure a secure connection to a log server, the server and client certificates must be stored in /image/vmware/nsx/file-store on each NSX-T Manager appliance.