The system must produce audit records containing information to establish what type of events occurred.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-64013 | VCWN-06-000036 | SV-78503r1_rule | Low |
| Description |
|---|
| Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack. |
| STIG | Date |
|---|---|
| VMware vSphere vCenter Server Version 6 Security Technical Implementation Guide | 2017-07-11 |
Details
| Check Text ( C-64765r1_chk ) |
|---|
| From the vSphere Web Client go to vCenter Inventory Lists >> vCenter Servers >> Select your vCenter Server >> Manage >> Settings >> Advanced Settings. Verify that config.log.level is set to "info". or From a PowerCLI command prompt while connected to the vCenter server run the following command: Get-AdvancedSetting -Entity If the config.log.level is set to a value other than info or does not exist, this is a finding. |
| Fix Text (F-69943r1_fix) |
|---|
| From the vSphere Web Client go to vCenter Inventory Lists >> vCenter Servers >> Select your vCenter Server >> Manage >> Settings >> Advanced Settings. Click Edit and edit the config.log.level setting to info or if the value does not exist create it by entering the values in the Key and Value fields and clicking Add. or From a PowerCLI command prompt while connected to the vCenter server run the following command: If the setting already exists: Get-AdvancedSetting -Entity If the setting does not exist: New-AdvancedSetting -Entity |