
The NSX-T Manager must be configured to send logs to a central log server.


Overview

Finding ID: V-251787
Version: TNDM-3X-000088
Rule ID: SV-251787r851743_rule
IA Controls: (none listed)
Severity: Medium
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.
STIG: VMware NSX-T Manager NDM Security Technical Implementation Guide
Date: 2022-09-01

Details

Check Text (C-55247r810362_chk)
From an NSX-T Manager shell, run the following command(s):

> get logging-servers

If any configured logging-server does not use a protocol of "tcp", "li-tls", or "tls" together with a level of "info", this is a finding.

If no logging-servers are configured, this is a finding.

Note: This check must be run from each NSX-T Manager as they are configured individually.
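The check above can be applied to captured CLI output instead of read by eye. The following is an added example, not part of the STIG, and it assumes that `get logging-servers` prints one server per line in the shape "<host>:<port> proto <proto> level <level> ..." (the sample capture is constructed); it flags the two conditions the check names: a non-compliant protocol or level on any server, and no servers configured at all.

```python
"""Evaluate captured `get logging-servers` output against TNDM-3X-000088.

Added example, not part of the STIG text. The line format below is an
assumption: one server per line, "<host>:<port> proto <proto> level <level> ...".
Run the CLI command on every NSX-T Manager and feed each capture separately,
since each manager is configured individually.
"""
import re

COMPLIANT_PROTOCOLS = {"tcp", "tls", "li-tls"}
REQUIRED_LEVEL = "info"

# Assumed output shape; adjust the pattern if your appliance prints differently.
LINE_RE = re.compile(
    r"^(?P<server>\S+)\s+proto\s+(?P<proto>\S+)\s+level\s+(?P<level>\S+)"
)


def parse_logging_servers(output: str) -> list[dict]:
    """Return one dict per configured logging-server found in the capture."""
    servers = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            servers.append(m.groupdict())
    return servers


def evaluate(output: str) -> list[str]:
    """Return a list of findings; an empty list means this manager is compliant."""
    servers = parse_logging_servers(output)
    if not servers:
        return ["no logging-servers configured"]
    findings = []
    for s in servers:
        if s["proto"] not in COMPLIANT_PROTOCOLS:
            findings.append(f"{s['server']}: protocol {s['proto']!r} is not tcp/tls/li-tls")
        if s["level"] != REQUIRED_LEVEL:
            findings.append(f"{s['server']}: level {s['level']!r} is not 'info'")
    return findings


# Constructed sample capture (not real appliance output).
SAMPLE_OUTPUT = """\
192.0.2.10:514 proto udp level info
192.0.2.11:6514 proto tls level info serverca ca.pem clientca ca.pem certificate cert.pem key key.pem
192.0.2.12:514 proto tcp level warning
"""

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_OUTPUT) or ["compliant"]:
        print(finding)
```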
Fix Text (F-55201r810363_fix)
(Optional) From an NSX-T Manager shell, run the following command(s) to clear any existing incorrect logging-servers:

> clear logging-servers

From an NSX-T Manager shell, run the following command(s) to configure a tcp syslog server:

> set logging-server proto tcp level info

From an NSX-T Manager shell, run the following command(s) to configure a tls syslog server:

> set logging-server proto tls level info serverca ca.pem clientca ca.pem certificate cert.pem key key.pem

From an NSX-T Manager shell, run the following command(s) to configure an li-tls syslog server:

> set logging-server proto li-tls level info serverca root-ca.crt

Note: If using the protocols TLS or LI-TLS to configure a secure connection to a log server, the server and client certificates must be stored in /image/vmware/nsx/file-store on each NSX-T Manager appliance.