UCF STIG Viewer Logo

Remote logging for ESXi hosts must be configured.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-OS-99999-ESXI5-000133 SRG-OS-99999-ESXI5-000133 SRG-OS-99999-ESXI5-000133_rule Medium
Description
Remote logging to a central log host provides a secure, centralized store for ESXi logs. By gathering host log files onto a central host it can more easily monitor all hosts with a single tool. It can also do aggregate analysis and searching to look for such things as coordinated attacks on multiple hosts. Logging to a secure, centralized log server also helps prevent log tampering and also provides a long-term audit record.
STIG Date
VMware ESXi v5 Security Technical Implementation Guide 2013-01-15

Details

Check Text ( C-SRG-OS-99999-ESXI5-000133_chk )
Verify the vSphere Syslog Collector syslog host has been configured. From the vSphere Client: Select the host and click "Configuration >> Advanced Settings >> Syslog >> Global". Verify the 'Syslog.global.logHost' is set to the (site-specific) syslog server hostname.

If the 'Syslog.global.logHost' is unconfigured, this is a finding.
Fix Text (F-SRG-OS-99999-ESXI5-000133_fix)
Step 1: Verify the vSphere Syslog Collector syslog host has been configured. If not, install/enable the vSphere Syslog Collector.
Step 2: From the vSphere Client: Select the host and click "Configuration >> Advanced Settings >> Syslog >> Global".
Step 3: Set 'Syslog.global.logHost' to the syslog server hostname.