Envoy log files must be shipped via syslog to a central log server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-256744 | VCRP-70-000008 | SV-256744r889170_rule | CCI-001851 | medium |
| Description |
| Envoy rsyslog configuration is included in the "VMware-visl-integration" package and unpacked to "/etc/vmware-syslog/vmware-services-envoy.conf". Ensuring the package hashes are as expected also ensures the shipped rsyslog configuration is present and unmodified. |
| STIG | Date |
| VMware vSphere 7.0 vCenter Appliance RhttpProxy Security Technical Implementation Guide | 2023-02-21 |
Details
Check Text (C-256744r889170_chk)
At the command prompt, run the following command:
# rpm -V VMware-visl-integration|grep vmware-services-envoy.conf|grep "^..5......"
If the command returns any output, this is a finding.
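Added example (not part of the STIG text): a shell sketch that runs the check's grep filter over constructed `rpm -V` output and goes one step further by also classifying the "missing" line, which rpm prints when the file has been deleted and which the `^..5......` pattern does not match. The sample lines and the function names `stig_check` and `classify_envoy_conf` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the STIG. rpm -V prints nine status flags per
# changed file; flag 3 is "5" when the file digest differs from the RPM
# database. A deleted file is reported as "missing" instead.
CONF="/etc/vmware-syslog/vmware-services-envoy.conf"

# Constructed sample rpm -V lines (not captured from a real appliance).
SAMPLE_MODIFIED="S.5....T.  c $CONF"
SAMPLE_MISSING="missing     c $CONF"
SAMPLE_MTIME=".......T.  c $CONF"

# The STIG filter as written on the page, applied to rpm -V output on stdin.
stig_check() {
    grep vmware-services-envoy.conf | grep "^..5......"
}

# Hypothetical helper: reads rpm -V output on stdin and prints one verdict
# for $CONF: "modified" (digest mismatch), "missing", or "ok".
classify_envoy_conf() {
    verdict="ok"
    while IFS= read -r line; do
        case "$line" in
            *"$CONF") ;;          # line is about the Envoy rsyslog config
            *) continue ;;        # some other file in the package
        esac
        case "$line" in
            missing*)   verdict="missing" ;;
            ??5??????*) verdict="modified" ;;
        esac
    done
    printf '%s\n' "$verdict"
}

# Demo on the constructed samples. On an appliance, use instead:
#   rpm -V VMware-visl-integration | classify_envoy_conf
for sample in "$SAMPLE_MODIFIED" "$SAMPLE_MISSING" "$SAMPLE_MTIME"; do
    printf '%-50s -> ' "$sample"
    printf '%s\n' "$sample" | classify_envoy_conf
done
```

A "missing" verdict means the shipped configuration is absent, so the file should be recreated as described in the Fix Text even though the check command itself returns no output.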
Fix Text (F-60362r889169_fix)
Navigate to and open:
/etc/vmware-syslog/vmware-services-envoy.conf
Create the file if it does not exist.
Set the contents of the file as follows:
#envoy service log
input(type="imfile"
File="/var/log/vmware/envoy/envoy.log"
Tag="envoy-main"
Severity="info"
Facility="local0")
#envoy access log
input(type="imfile"
File="/var/log/vmware/envoy/envoy-access.log"
Tag="envoy-access"
Severity="info"
Facility="local0")