Details

Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.

Solution

From the vSphere Web Client go to Host and Clusters >> Select a vCenter Server >> Configure >> Settings >> Advanced Settings. Click ‘Edit’ and edit the ‘config.log.level’ setting to ‘info’ or if the value does not exist create it by entering the values in the ‘Key’ and ‘Value’ fields and clicking ‘Add’.

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:

If the setting already exists:
Get-AdvancedSetting -Entity -Name config.log.level | Set-AdvancedSetting -Value info

If the setting does not exist:
New-AdvancedSetting -Entity -Name config.log.level -Value info

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system VMware.

References

• 800-53|SI-6d.
• CAT|III
• CCI|CCI-002702
• Rule-ID|SV-216858r612237_rule
• STIG-ID|VCWN-65-000036
• STIG-Legacy|SV-104611
• STIG-Legacy|V-94781
• Vuln-ID|V-216858

Source

• Tenable.com/audits