
The VMM must protect audit information from unauthorized modification by configuring remote logging.


Overview

Finding ID: V-63833
Version: ESXI-06-200004
Rule ID: SV-78323r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Remote logging to a central log host provides a secure, centralized store for ESXi logs. Gathering host log files onto a central host makes it easier to monitor all hosts with a single tool, and allows aggregate analysis and searching to look for such things as coordinated attacks on multiple hosts. Logging to a secure, centralized log server also helps prevent log tampering and provides a long-term audit record.
STIG: VMware vSphere ESXi 6.0 Security Technical Implementation Guide
Date: 2017-07-11

Details

Check Text ( C-64583r1_chk )
From the vSphere Client, select the ESXi Host and go to Configuration >> Advanced Settings. Select the Syslog.global.logHost value and verify it is set to a site-specific syslog server hostname.

or

From a PowerCLI command prompt while connected to the ESXi host run the following command:

Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logHost

If the Syslog.global.logHost setting is not set to a site-specific syslog server, this is a finding.
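
The check above can be automated once the site's approved syslog servers are written down. The following is an added example, not part of the STIG text: the function name `Test-SyslogLogHost`, the allowlist and the sample rows are constructed for illustration, and the parsing assumes hostnames or IPv4 addresses, optionally written with a `udp://`, `tcp://` or `ssl://` prefix and a port, several separated by commas.

```powershell
# Added example: classify Syslog.global.logHost values against a site allowlist.
# $ApprovedLogHosts and $rows are constructed placeholders, not values from the STIG.
$ApprovedLogHosts = @('syslog01.example.mil', 'syslog02.example.mil')

function Test-SyslogLogHost {
    param([string]$Value, [string[]]$Approved)

    # An empty value means no remote logging is configured at all.
    if ([string]::IsNullOrWhiteSpace($Value)) {
        return [pscustomobject]@{ Finding = $true; Reason = 'logHost is empty' }
    }

    $targets = @()
    $unapproved = @()
    foreach ($entry in ($Value -split ',')) {
        $e = $entry.Trim()
        if (-not $e) { continue }
        # Strip an optional protocol prefix and an optional :port suffix.
        $name = $e -replace '^(udp|tcp|ssl)://', '' -replace ':\d+$', ''
        $targets += $name
        if ($Approved -notcontains $name) { $unapproved += $name }
    }

    if ($targets.Count -eq 0) {
        return [pscustomobject]@{ Finding = $true; Reason = 'no usable target in value' }
    }
    if ($unapproved.Count -gt 0) {
        $list = $unapproved -join ', '
        return [pscustomobject]@{ Finding = $true; Reason = "not site-approved: $list" }
    }
    [pscustomobject]@{ Finding = $false; Reason = 'all targets site-approved' }
}

# Constructed sample rows shaped like Get-AdvancedSetting output (Entity, Value).
$rows = @(
    [pscustomobject]@{ Entity = 'esxi-a'; Value = 'ssl://syslog01.example.mil:1514' },
    [pscustomobject]@{ Entity = 'esxi-b'; Value = '' },
    [pscustomobject]@{ Entity = 'esxi-c'; Value = 'udp://syslog01.example.mil:514,tcp://10.0.0.99:514' }
)
# Against live hosts, use the check command from this page instead:
# $rows = Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logHost

foreach ($r in $rows) {
    $result = Test-SyslogLogHost -Value $r.Value -Approved $ApprovedLogHosts
    [pscustomobject]@{ VMHost = "$($r.Entity)"; Finding = $result.Finding; Reason = $result.Reason }
}
```

A host whose value lists an approved server alongside an unapproved one is reported as a finding, so a stray second destination for audit data does not pass unnoticed.
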
Fix Text (F-69761r1_fix)
From the vSphere Client, select the ESXi Host and go to Configuration >> Advanced Settings. Select the Syslog.global.logHost value and configure it to a site-specific syslog server.

or

From a PowerCLI command prompt while connected to the ESXi host run the following command:

Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logHost | Set-AdvancedSetting -Value "<syslog server hostname>"