
Remote logging for ESXi hosts must be configured.


Overview

Finding ID: SRG-OS-99999-ESXI5-000133
Version: SRG-OS-99999-ESXI5-000133
Rule ID: SRG-OS-99999-ESXI5-000133_rule
IA Controls: (none listed)
Severity: Medium
Description
Remote logging to a central log host provides a secure, centralized store for ESXi logs. Gathering host log files onto a central host makes it easier to monitor all hosts with a single tool. It also allows aggregate analysis and searching to look for such things as coordinated attacks on multiple hosts. Logging to a secure, centralized log server also helps prevent log tampering and provides a long-term audit record.
STIG: VMware ESXi v5 Security Technical Implementation Guide
Date: 2013-01-15

Details

Check Text ( C-SRG-OS-99999-ESXI5-000133_chk )
Verify the vSphere Syslog Collector syslog host has been configured. From the vSphere Client: Select the host and click "Configuration >> Advanced Settings >> Syslog >> Global". Verify the 'Syslog.global.logHost' is set to the (site-specific) syslog server hostname.

If the 'Syslog.global.logHost' is unconfigured, this is a finding.
Fix Text (F-SRG-OS-99999-ESXI5-000133_fix)
Step 1: Verify the vSphere Syslog Collector syslog host has been configured. If not, install/enable the vSphere Syslog Collector.
Step 2: From the vSphere Client: Select the host and click "Configuration >> Advanced Settings >> Syslog >> Global".
Step 3: Set 'Syslog.global.logHost' to the syslog server hostname.
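
The same check can be run from the ESXi shell instead of the vSphere Client. The script below is an added example, not part of the STIG text: it assumes `esxcli system syslog config get` reports the setting on a `Remote Host:` line and shows `<none>` when it is unset. The function names, the abridged sample outputs and loghost.example.com are constructed for illustration, and the optional comparison against the site-specific hostname covers the "is set to the (site-specific) syslog server hostname" part of the check.

```shell
#!/bin/sh
# Added example (not from the STIG): evaluate Syslog.global.logHost as reported
# on the "Remote Host:" line of `esxcli system syslog config get`.

# Constructed, abridged sample outputs; loghost.example.com is a placeholder.
SAMPLE_UNSET='   Default Rotation Size: 1024
   Log Output: /scratch/log
   Remote Host: <none>'
SAMPLE_SET='   Default Rotation Size: 1024
   Log Output: /scratch/log
   Remote Host: udp://loghost.example.com:514'

# Print the "Remote Host:" value read from stdin (empty if the line is absent).
remote_host() {
    sed -n 's/^[[:space:]]*Remote Host:[[:space:]]*//p' | sed 's/[[:space:]]*$//' | head -n 1
}

# check_loghost [expected-hostname]
# Reads esxcli output on stdin. Returns 1 (finding) when the log host is
# unconfigured, or when an expected site-specific hostname is given and is not
# among the comma-separated targets. Returns 0 otherwise.
check_loghost() {
    expected=${1:-}
    value=$(remote_host)
    case "$value" in
        ''|'<none>')   # assumption: an unset value is shown as <none> or is empty
            echo "FINDING: Syslog.global.logHost is unconfigured"
            return 1 ;;
    esac
    if [ -n "$expected" ]; then
        # Strip the optional scheme and port (hostname/IPv4 forms) from each target.
        hosts=$(printf '%s\n' "$value" | tr ',' '\n' |
            sed -e 's/^[[:space:]]*//' -e 's#^[a-z]*://##' -e 's/:[0-9]*$//')
        if ! printf '%s\n' "$hosts" | grep -qxF "$expected"; then
            echo "FINDING: Syslog.global.logHost ($value) does not include $expected"
            return 1
        fi
    fi
    echo "OK: Syslog.global.logHost = $value"
    return 0
}

# On an ESXi host, evaluate the live configuration; elsewhere this is skipped.
if command -v esxcli >/dev/null 2>&1; then
    esxcli system syslog config get | check_loghost "$@"
fi
```

Run it on the host with the site's syslog server hostname as the only argument; a non-zero exit status corresponds to a finding.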