VirtualCenter does not log user, group, permission or role changes.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15880	ESX0810	SV-16821r1_rule	ECAR-1 ECAR-2 ECAR-3	Medium

Description
VirtualCenter Servers not configured to log user, group, permission and role changes will not have the ability to review past system and user events. Recording these events is critical to establishing a recorded history of system events, enabling system administrators to diagnose intermittent system problems, suspicious user activity, and assisting with investigations. Log events also verify that the established policies configured on the system are in fact working as configured.

Description

VirtualCenter Servers not configured to log user, group, permission and role changes will not have the ability to review past system and user events. Recording these events is critical to establishing a recorded history of system events, enabling system administrators to diagnose intermittent system problems, suspicious user activity, and assisting with investigations. Log events also verify that the established policies configured on the system are in fact working as configured.

STIG	Date
VMware ESX 3 Virtual Center	2016-05-03

Details

Check Text ( C-16239r1_chk )
1. Log into VirtualCenter with the VI Client. 2. Select the Administration Menu at the top of the page. 3. Select VirtualCenter Management Server Configuration. 4. Select Logging Options. 5. Verify that VirtualCenter Logging is configured to Info(Normal Logging) or higher (Verbose or Trivia)

Fix Text (F-15840r1_fix)
Configure VirtualCenter Logging to Info or higher.