UCF STIG Viewer Logo

The NSX Manager must off-load audit records onto a different system or media than the system being audited.


Overview

Finding ID Version Rule ID IA Controls Severity
V-69209 VNSX-ND-000128 SV-83813r1_rule Medium
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
STIG Date
VMware NSX Manager Security Technical Implementation Guide 2016-06-27

Details

Check Text ( C-69649r1_chk )
Verify NSX Manager audit records are off-loaded to a different system.

Log on to NSX Manager with credentials authorized for administration, navigate and select Manage Appliance Settings >> Syslog Server >> Edit.

Enter name or IP of the Syslog Server, Port, and Protocol.

If audit records are not configured and are not off-loaded to a different system, this is a finding.

Note: TCP is the preferred protocol configuration to protect against network outages and queues logs locally until network connection is restored to a centralized server.
Fix Text (F-75395r1_fix)
Change the logs in NSX Manager to send to a centralized server for use as part of the organization's security incident tracking and analysis.

Log on to NSX Manager with credentials authorized for administration, navigate and select Manage Appliance Settings >> Syslog Server >> Edit.

Enter name or IP of the Syslog Server, Port, and Protocol.