ESXi: esxi-8.logs-audit-local-capacity

Information

The ESXi host must store one week of audit records. If a remote audit record storage facility is available, local storage capacity must still be sufficient to hold the audit records that may accumulate during anticipated interruptions in the delivery of records to that facility. This ensures that audit records are not lost or overwritten while the remote storage is unavailable, preserving continuity of the audit trail and meeting compliance requirements.

Solution

Get-VMHost -Name $ESXi | Get-AdvancedSetting Syslog.global.auditRecord.storageCapacity | Set-AdvancedSetting -Value 100
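
To check every host before changing anything, the following PowerCLI script reports the current value of the setting per host and applies the value from the Solution only when -Remediate is given. It is an added example, not part of the VMware guide or this audit item; it assumes an existing Connect-VIServer session, and the parameter names, the report columns and the choice to treat any value of at least 100 as compliant are assumptions.

```powershell
# Added example: audit, and optionally remediate, local audit record capacity.
# Assumes an existing Connect-VIServer session. The default of 100 is the
# value used in the Solution above.
param(
    [int]$Required = 100,     # hypothetical parameter name
    [switch]$Remediate        # hypothetical parameter name
)

$settingName = 'Syslog.global.auditRecord.storageCapacity'

$report = foreach ($vmhost in Get-VMHost) {
    # Hosts that are disconnected or not responding cannot be queried.
    if ($vmhost.ConnectionState -notin 'Connected', 'Maintenance') {
        [pscustomobject]@{ Host = $vmhost.Name; Before = $null; After = $null
                           Compliant = $false; Note = "Host is $($vmhost.ConnectionState)" }
        continue
    }

    $setting = Get-AdvancedSetting -Entity $vmhost -Name $settingName
    if (-not $setting) {
        # The setting is absent, so report it rather than fail.
        [pscustomobject]@{ Host = $vmhost.Name; Before = $null; After = $null
                           Compliant = $false; Note = 'Setting not found' }
        continue
    }

    $before = [int]$setting.Value
    $after  = $before
    $note   = ''

    # Assumption: a value of at least $Required counts as compliant.
    if ($before -lt $Required -and $Remediate) {
        Set-AdvancedSetting -AdvancedSetting $setting -Value $Required -Confirm:$false | Out-Null
        # Re-read from the host so the report reflects what was actually stored.
        $after = [int](Get-AdvancedSetting -Entity $vmhost -Name $settingName).Value
        $note  = 'Remediated'
    }

    [pscustomobject]@{ Host = $vmhost.Name; Before = $before; After = $after
                       Compliant = ($after -ge $Required); Note = $note }
}

$report | Sort-Object Compliant, Host | Format-Table -AutoSize
```

Run it without -Remediate first; the Compliant column then shows which hosts the Solution command would change.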

See Also

https://github.com/vmware/vcf-security-and-compliance-guidelines/raw/refs/heads/main/security-configuration-hardening-guide/vsphere/8.0/

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4, CCI|CCI-001849

Plugin: VMware

Control ID: 604ca610dcf9221b465e93e4c2c979b7eb5a0c5b4cd67250cf0606d8339e30b1