Virtual machine log files do not have a size limit.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15907 | ESX1110 | SV-16849r1_rule | ECAR-1 ECAR-2 ECAR-3 | Medium |
| Description |
|---|
| Virtual machines can write troubleshooting information into a virtual machine log file (vmware.log) stored on the VMFS volume. Virtual machine users and processes may be configured to abuse the logging function, either intentionally or inadvertently so that large amounts of data flood the log file. Over time, the log file can consume so much of the ESX Server’s file system space that it fills the hard disk, causing an effective denial of service on the ESX Server. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-16267r1_chk ) |
|---|
| 1. Login to VirtualCenter with the VI Client and select the virtual machine from the Inventory panel. The configuration page for the virtual machine appears with the Summary tab displayed. 2. Click Edit Settings. 3. Click Options > General and make a record of the path displayed in the virtual machine configuration file field. 4. At the ESX Server service console, change directories to access the virtual machine configuration file recorded in step 3. 5. Virtual machine configuration files are located in the /vmfs/volumes/(datastore) directory, where (datastore) is the name of the storage device on which the virtual machine files reside. In example above, [vol1]vm-finance/vm-finance.vmx is located in /vmfs/volumes/vol1/vm-finance/. 6. To verify the log size limit, perform the following: # grep log.rotate.Size (virtual machine name).vmx log.rotateSize=(number in bytes) If no limit is set, this is a finding. The default is 500KB. |
| Fix Text (F-15868r1_fix) |
|---|
| Configure a limit for virtual machine log size. |