Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-256360 | VCSA-70-000280 | SV-256360r885691_rule | Medium |
Description |
---|
vCenter server generates volumes of security-relevant application-level events. Examples include logins, system reconfigurations, system degradation warnings, and more. To ensure these events are available for forensic analysis and correlation, they must be sent to the syslog and forwarded on to the configured Security Information and Event Management (SIEM) system and/or central log server. The vCenter server sends events to syslog by default, but this configuration must be verified and maintained. |
STIG | Date |
---|---|
VMware vSphere 7.0 vCenter Security Technical Implementation Guide | 2023-06-15 |
Check Text ( C-60035r885689_chk ) |
---|
From the vSphere Client, go to Host and Clusters. Select a vCenter Server >> Configure >> Settings >> Advanced Settings. Verify the "vpxd.event.syslog.enabled" value is set to "true". or From a PowerCLI command prompt while connected to the vCenter server, run the following command: Get-AdvancedSetting -Entity If the "vpxd.event.syslog.enabled" value is not set to "true", this is a finding. |
Fix Text (F-59978r885690_fix) |
---|
From the vSphere Client, go to Host and Clusters. Select a vCenter Server >> Configure >> Settings >> Advanced Settings. Click "Edit Settings" and configure the "vpxd.event.syslog.enabled" setting to "true". or From a PowerCLI command prompt while connected to the vCenter server, run the following command: Get-AdvancedSetting -Entity |