UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The NSX Distributed Firewall must off-load audit records onto a centralized log server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-69151 VNSX-FW-000090 SV-83755r1_rule Medium
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. This does not apply to audit logs generated on behalf of the device itself (management).
STIG Date
VMware NSX Distributed Firewall Security Technical Implementation Guide 2016-06-27

Details

Check Text ( C-69589r1_chk )
Log into vSphere Web Client with credentials authorized for administration, navigate and select the ESXi host and click "Manage" >> "Advanced System Settings", and enter "Syslog.global.logHost" in the filter.

Verify the correct setting for "Syslog.global.logHost" to the hostname of your syslog server.

If this setting does not specify the appropriate syslog server on each ESXi host, this is a finding.
Fix Text (F-75337r2_fix)
Log into vSphere Web Client with credentials authorized for administration, navigate and select the ESXi host and click "Manage" >> "Advanced System Settings", and enter "Syslog.global.logHost" in the filter.

Verify the correct setting for "Syslog.global.logHost" to the hostname of your syslog server.

Verify each ESXi host is set to a remote syslog server.