Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The ESXi host must allocate audit record storage capacity to store at least one week's worth of audit records.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-258743 | ESXI-80-000113 | SV-258743r958752_rule | Medium |
| Description |
|---|
| In order to ensure ESXi has sufficient storage capacity in which to write the audit logs, audit record storage capacity should be configured. If a central audit record storage facility is available, the local storage capacity should be sufficient to hold audit records that would accumulate during anticipated interruptions in delivery of records to the facility. |
| STIG | Date |
|---|---|
| VMware vSphere 8.0 ESXi Security Technical Implementation Guide | 2024-07-11 |
Details
| Check Text ( C-62483r933288_chk ) |
|---|
| From the vSphere Client, go to Hosts and Clusters. Select the ESXi Host >> Configure >> System >> Advanced System Settings. Select the "Syslog.global.auditRecord.storageCapacity" value and verify it is set to "100". or From a PowerCLI command prompt while connected to the ESXi host, run the following command: Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageCapacity If the "Syslog.global.auditRecord.storageCapacity" setting is not set to 100, this is a finding. |
| Fix Text (F-62392r933289_fix) |
|---|
| From the vSphere Client, go to Hosts and Clusters. Select the ESXi Host >> Configure >> System >> Advanced System Settings. Click "Edit". Select the "Syslog.global.auditRecord.storageCapacity" value and configure it to "100". or From a PowerCLI command prompt while connected to the ESXi host, run the following command: Get-VMHost | Get-AdvancedSetting -Name Syslog.global.auditRecord.storageCapacity | Set-AdvancedSetting -Value 100 |