VCPG-67-000022 - Rsyslog must be configured to monitor VMware Postgres logs - first

Information

For performance reasons, rsyslog file monitoring is preferred over configuring VMware Postgres to send events to a syslog facility. Without ensuring that logs are created, that rsyslog configs are created, and that those configs are loaded, the log file monitoring and shipping will not be effective.

Satisfies: SRG-APP-000359-DB-000319, SRG-APP-000360-DB-000320, SRG-APP-000092-DB-000208

Solution

Navigate to and open /etc/vmware-syslog/stig-services-vpostgres.conf.

Create the file if it does not exist.

Set the contents of the file as follows:

input(type='imfile'
File='/var/log/vmware/vpostgres/serverlog.std*'
Tag='vpostgres-first'
Severity='info'
Facility='local0')

input(type='imfile'
File='/var/log/vmware/vpostgres/postgresql-*.log'
Tag='vpostgres'
Severity='info'
Facility='local0')

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5(1), CAT|II, CCI|CCI-001855, Rule-ID|SV-239214r879732_rule, STIG-ID|VCPG-67-000022, Vuln-ID|V-239214

Plugin: Unix

Control ID: ed2f34f4748440a9bd4925175e87864359baf488a1ce80ea81963dd11e42329c