UCF STIG Viewer Logo

Rsyslog must be configured to monitor and ship ESX Agent Manager log files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239398 VCEM-67-000027 SV-239398r840143_rule Medium
Description
ESX Agent Manager a number of logs that must be offloaded from the originating system. This information can then be used for diagnostic, forensic, or other purposes relevant to ensuring the availability and integrity of the hosted application. Satisfies: SRG-APP-000358-WSR-000163, SRG-APP-000125-WSR-000071
STIG Date
VMware vSphere 6.7 EAM Tomcat Security Technical Implementation Guide 2022-06-17

Details

Check Text ( C-42631r840142_chk )
At the command prompt, execute the following command:

# grep -v "^#" /etc/vmware-syslog/stig-services-eam.conf

Expected result:

input(type="imfile"
File="/var/log/vmware/eam/eam.log"
Tag="eam-main"
Severity="info"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/eam/web/localhost_access_log*.txt"
Tag="eam-access"
Severity="info"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/eam/jvm.log.std*"
Tag="eam-stdout"
Severity="info"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/eam/web/catalina*.log"
Tag="eam-catalina"
Severity="info"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/eam/web/localhost.*.log"
Tag="eam-catalina"
Severity="info"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/firstboot/eam_firstboot.py*.log"
Tag="eam-firstboot"
Severity="info"
Facility="local0")
Tag="eam-firstboot"
Severity="info"
Facility="local0")

If the file does not exist, this is a finding.

If the output of the command does not match the expected result, this is a finding.
Fix Text (F-42590r674687_fix)
Navigate to and open:

/etc/vmware-syslog/stig-services-eam.conf.

Create the file if it does not exist.

Set the contents of the file as follows:

input(type="imfile"
File="/var/log/vmware/eam/eam.log"
Tag="eam-main"
Severity="info"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/eam/web/localhost_access_log*.txt"
Tag="eam-access"
Severity="info"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/eam/jvm.log.std*"
Tag="eam-stdout"
Severity="info"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/eam/web/catalina*.log"
Tag="eam-catalina"
Severity="info"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/eam/web/localhost.*.log"
Tag="eam-catalina"
Severity="info"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/firstboot/eam_firstboot.py*.log"
Tag="eam-firstboot"
Severity="info"
Facility="local0")