ESXi : enable-remote-syslog

Information

Configure remote logging for ESXi hosts.

Remote logging to a central log host provides a secure, centralized store for ESXi logs. By gathering host log files onto a central host, you can more easily monitor all hosts with a single tool. You can also do aggregate analysis and searching to look for such things as coordinated attacks on multiple hosts. Logging to a secure, centralized log server helps prevent log tampering and also provides a long-term audit record. To facilitate remote logging, VMware provides the vSphere Syslog Collector.

http://pubs.vmware.com/vsphere-65/topic/com.vmware.vcli.examples.doc/GUID-7391AF2D-BD74-4ED8-B649-DBB31EB3CB21.html

Solution

# Set Syslog.global.logHost for each host.
# "NewLocation" is a placeholder for the address of the remote log host.
Get-VMHost | Foreach { Set-VMHostAdvancedConfiguration -VMHost $_ -Name Syslog.global.logHost -Value "NewLocation" }
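
The following PowerCLI script is an added example, not part of the original guidance: it audits Syslog.global.logHost on every host and, when $Remediate is set, applies the value, enables the outbound syslog firewall rule and reloads the syslog service. It assumes an existing Connect-VIServer session; the log host value and the variable names are constructed placeholders.

```powershell
# Added example: audit and optionally remediate Syslog.global.logHost.
# Assumes Connect-VIServer has already been run in this session.
$LogHost   = 'ssl://loghost.example.com:1514'  # constructed placeholder target
$Remediate = $false                            # set to $true to apply changes

# Accept one or more comma-separated udp://, tcp:// or ssl:// targets.
# This pattern covers hostnames and IPv4 addresses only.
$pattern = '^(udp|tcp|ssl)://[^\s,:/]+(:\d{1,5})?$'
foreach ($target in ($LogHost -split ',')) {
    if ($target.Trim() -notmatch $pattern) {
        throw "Unexpected log host format: '$target'"
    }
}

$report = foreach ($vmhost in Get-VMHost) {
    $setting   = Get-AdvancedSetting -Entity $vmhost -Name 'Syslog.global.logHost'
    $current   = [string]$setting.Value
    $compliant = ($current -eq $LogHost)

    if (-not $compliant -and $Remediate) {
        Set-AdvancedSetting -AdvancedSetting $setting -Value $LogHost -Confirm:$false | Out-Null

        # Outbound syslog stays blocked until the ESXi firewall rule is enabled.
        Get-VMHostFirewallException -VMHost $vmhost -Name 'syslog' |
            Set-VMHostFirewallException -Enabled:$true | Out-Null

        # Make the syslog service pick up the new target.
        $esxcli = Get-EsxCli -VMHost $vmhost -V2
        $esxcli.system.syslog.reload.Invoke() | Out-Null

        # Re-read the setting so the report reflects the host's actual state.
        $current   = [string](Get-AdvancedSetting -Entity $vmhost -Name 'Syslog.global.logHost').Value
        $compliant = ($current -eq $LogHost)
    }

    [pscustomobject]@{
        Host      = $vmhost.Name
        LogHost   = $current
        Compliant = $compliant
    }
}

# Non-compliant hosts (empty or different log host) sort to the top.
$report | Sort-Object Compliant, Host | Format-Table -AutoSize
```

With $Remediate left at $false the script only reports, so it can be run as a read-only compliance check before any change is made.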

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vmware-6-5-update-1-security-configuration-guide.xlsx

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(2)

Plugin: VMware

Control ID: 6529e60240bf24392b7cd100366d08e4cf3ef6736e1bffc59967d0ad0b101039