7.25 (L1) Virtual machines must limit the number of retained diagnostic logs

Information

Limiting the number of retained diagnostic logs in virtual machines helps in managing datastore space effectively without hampering diagnostic capabilities. The parameter governing this behavior is log.keepOld with a recommended setting of 10 or Undefined.

Maintaining a sensible limit on the number of diagnostic logs retained helps in avoiding potential issues related to datastore space exhaustion, while still retaining a useful set of recent logs for troubleshooting purposes.

Solution

To set this configuration, use the vSphere interface as follows:

- Select the VM then select Actions followed by Edit Settings
- Click on the VM Options tab then expand Advanced
- Click on EDIT CONFIGURATION
- Click on ADD CONFIGURATION PARAMS then input log.keepOld with a value of 10
- Click OK then OK again.

To set the number of retained log files to 10, run the following PowerCLI command:

# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name "log.keepOld" -value "10"
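
The following is an added example, not part of the benchmark text: a PowerCLI audit that reports each VM's current log.keepOld value and then corrects only the VMs that differ from 10, treating Undefined as compliant per the recommendation above. It assumes VMware PowerCLI is installed and a Connect-VIServer session is already open; the function and variable names are illustrative.

```powershell
# Added example: audit log.keepOld on every VM, then remediate only the
# VMs whose value is neither Undefined nor 10.
# Assumption: PowerCLI is loaded and Connect-VIServer has already been run.
$SettingName   = 'log.keepOld'
$ExpectedValue = '10'

function Test-LogKeepOld {
    param($CurrentValue)   # $null means the parameter is not defined on the VM
    # The recommendation accepts either Undefined or 10.
    return ($null -eq $CurrentValue) -or ("$CurrentValue" -eq $ExpectedValue)
}

# Build one report row per VM, keeping the VM object for remediation.
$report = foreach ($vm in Get-VM) {
    $setting = Get-AdvancedSetting -Entity $vm -Name $SettingName
    $value   = if ($setting) { $setting.Value } else { $null }
    [pscustomobject]@{
        VM        = $vm.Name
        Value     = if ($null -eq $value) { 'Undefined' } else { $value }
        Compliant = Test-LogKeepOld $value
        VMObject  = $vm
    }
}

# Non-compliant VMs sort first ($false before $true).
$report | Sort-Object Compliant, VM |
    Format-Table VM, Value, Compliant -AutoSize

# -Force overwrites a value that already exists (without it the cmdlet
# errors on such VMs); -Confirm:$false suppresses the per-VM prompt.
foreach ($row in $report | Where-Object { -not $_.Compliant }) {
    New-AdvancedSetting -Entity $row.VMObject -Name $SettingName `
        -Value $ExpectedValue -Force -Confirm:$false | Out-Null
    Write-Host "Set $SettingName=$ExpectedValue on $($row.VM)"
}
```

Add -WhatIf to the New-AdvancedSetting call to preview which VMs would be changed before committing.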

Impact:

There is no negative functional impact.

See Also

https://workbench.cisecurity.org/benchmarks/15784

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4, CSCv7|6.4

Plugin: VMware

Control ID: 83d909f8bff2475982334023d6b813ff1ce18ef3b0f83dcbdb14ad7d090b5a3f