Details
Remote logging to a central log host provides a secure, centralized store for ESXi logs. By gathering host log files onto a central host, it can more easily monitor all hosts with a single tool. It can also do aggregate analysis and searching to look for such things as coordinated attacks on multiple hosts. Logging to a secure, centralized log server also helps prevent log tampering and provides a long-term audit record.
Satisfies: SRG-OS-000051-VMM-000230, SRG-OS-000058-VMM-000270, SRG-OS-000059-VMM-000280
Solution
From the vSphere Client, select the ESXi host and go to Configuration >> Advanced Settings.
Select the ‘Syslog.global.logHost’ value and configure it to a site-specific syslog server.
or
From a PowerCLI command prompt while connected to the ESXi host, run the following commands:
Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logHost | Set-AdvancedSetting -Value ‘
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system VMware.
References
- 800-53|AU-6(4)
- 800-53|AU-9
- CAT|II
- CCI|CCI-000154
- CCI|CCI-000163
- CCI|CCI-000164
- Rule-ID|SV-239330r674919_rule
- STIG-ID|ESXI-67-100004
- Vuln-ID|V-239330