ESXI-06-100004 - The VMM must support the capability to centrally review and analyze audit records from multiple components within the system by configuring remote logging.


Remote logging to a central log host provides a secure, centralized store for ESXi logs. By gathering host log files onto a central host it can more easily monitor all hosts with a single tool. It can also do aggregate analysis and searching to look for such things as coordinated attacks on multiple hosts. Logging to a secure, centralized log server also helps prevent log tampering and also provides a long-term audit record.


From the vSphere Client select the ESXi Host and go to Configuration >> Advanced Settings. Select the value and configure it to a site specific syslog server.


From a PowerCLI command prompt while connected to the ESXi host run the following commands:

Get-VMHost | Get-AdvancedSetting -Name | Set-AdvancedSetting -Value '<insert syslog server hostname>'

See Also

Item Details


References: 800-53|AU-6(4), CAT|II, CCI|CCI-000154, Group-ID|V-63477, Rule-ID|SV-77967r1_rule, STIG-ID|ESXI-06-100004, Vuln-ID|V-63477

Plugin: VMware

Control ID: 889980a29bd12d34dfa6f3647fd3e024b8e41280f50d500f60002fd75e6d7ac6