Envoy log files must be shipped via syslog to a central log server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-256744 | VCRP-70-000008 | SV-256744r889170_rule | CCI-001851 | medium |
| Description | ||||
| Envoy rsyslog configuration is included in the "VMware-visl-integration" package and unpacked to "/etc/vmware-syslog/vmware-services-envoy.conf". Ensuring the package hashes are as expected also ensures the shipped rsyslog configuration is present and unmodified. | ||||
| STIG | Date | |||
| VMware vSphere 7.0 vCenter Appliance RhttpProxy Security Technical Implementation Guide | 2023-02-21 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
AU-4(1)
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-001851
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-256744r889170_chk)
At the command prompt, run the following command:
# rpm -V VMware-visl-integration|grep vmware-services-envoy.conf|grep "^..5......"
If the command returns any output, this is a finding.
Fix Text (F-60362r889169_fix)
Navigate to and open:
/etc/vmware-syslog/vmware-services-envoy.conf
Create the file if it does not exist.
Set the contents of the file as follows:
#envoy service log
input(type="imfile"
File="/var/log/vmware/envoy/envoy.log"
Tag="envoy-main"
Severity="info"
Facility="local0")
#envoy access log
input(type="imfile"
File="/var/log/vmware/envoy/envoy-access.log"
Tag="envoy-access"
Severity="info"
Facility="local0")