Details

For performance reasons, rsyslog file monitoring is preferred over configuring VMware Postgres to send events to a syslog facility. Without ensuring that logs are created, that rsyslog configs are created, and that those configs are loaded, the log file monitoring and shipping will not be effective.

Satisfies: SRG-APP-000359-DB-000319, SRG-APP-000360-DB-000320, SRG-APP-000092-DB-000208

Solution

Navigate to and open /etc/vmware-syslog/stig-services-vpostgres.conf.

Create the file if it does not exist.

Set the contents of the file as follows:

input(type=’imfile’
File=’/var/log/vmware/vpostgres/serverlog.std*’
Tag=’vpostgres-first’
Severity=’info’
Facility=’local0′)

input(type=’imfile’
File=’/var/log/vmware/vpostgres/postgresql-*.log’
Tag=’vpostgres’
Severity=’info’
Facility=’local0′)

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

• 800-53|AU-5(1)
• CAT|II
• CCI|CCI-001855
• Rule-ID|SV-239214r717064_rule
• STIG-ID|VCPG-67-000022
• Vuln-ID|V-239214

Source

• Tenable.com/audits