Details
NOTE: Update LOG_HOST to the appropriate value for the local environment.
Solution
Perform the following-1. Install/Enable a syslog host (i.e vSphere Syslog Collector).
2. From the vSphere web client select the host and click ‘Manage’ -> ‘Advanced Sytem
Settings’
3. Enter Syslog.global.logHost in the filter.
4. Set the Syslog.global.logHost to the hostname of your syslog server.To implement the recommended configuration state, run the following PowerCLI
command-# Set Syslog.global.logHost for each host
Get-VMHost | Foreach { Set-VMHostAdvancedConfiguration -VMHost $_ -Name
Syslog.global.logHost -Value ‘
Note- When setting a remote log host it is also recommended to set the
‘Syslog.global.logDirUnique’ to true. You must configure the syslog settings for each host.
The host syslog parameters can also be configured using the vCLI or PowerCLI, or using an
API client.
Default Value-The prescribed state is not the default state.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system VMware.