VCPG-67-000022 - Rsyslog must be configured to monitor VMware Postgres logs - log

Information

Organizations are required to use a central log management system, so, under normal conditions, the audit space allocated to the DBMS on its own server will not be an issue. However, space will still be required on the DBMS server for audit records in transit, and, under abnormal conditions, this could fill up. Because a requirement exists to halt processing upon audit failure, a service outage would result.

If support personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for storage capacity expansion.

The appropriate support staff include, at a minimum, the ISSO and the DBA/SA.

Satisfies: SRG-APP-000359-DB-000319, SRG-APP-000360-DB-000320, SRG-APP-000092-DB-000208

Solution

Navigate to and open /etc/vmware-syslog/stig-services-vpostgres.conf.

Create the file if it does not exist.

Set the contents of the file as follows:

input(type='imfile'
File='/var/log/vmware/vpostgres/serverlog.std*'
Tag='vpostgres-first'
Severity='info'
Facility='local0')

input(type='imfile'
File='/var/log/vmware/vpostgres/postgresql-*.log'
Tag='vpostgres'
Severity='info'
Facility='local0')

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y22M04_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5(1), CAT|II, CCI|CCI-001855, Rule-ID|SV-239214r679015_rule, STIG-ID|VCPG-67-000022, Vuln-ID|V-239214

Plugin: Unix

Control ID: e44d50f51e019794f3bf09d131fce83141e9d879c139b4e1e1a25e96ab783e1d