Detections
Analytics
4.6 (L1) Host must enable audit record logging
Information
Enabling audit record logging on ESXi hosts ensures the local storage of audit records, providing a trail of activities performed on the host. This measure is pivotal for accountability, troubleshooting, and security investigations. The parameter governing this behavior is Syslog.global.auditRecord.storageEnable with a recommended setting of TRUE.Enabling audit record logging is crucial for maintaining a secure and compliant operational environment. It provides visibility into host activities, aiding in identifying and investigating unauthorized or malicious actions.
Solution
Impact:While beneficial for security and compliance, enabling audit record logging consumes additional storage space on the host, which may necessitate enhanced storage management practices to ensure optimal performance.
See Also
Item Details
Audit Name: CIS VMware ESXi 8.0 v1.1.0 L1
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-2, 800-53|AU-7, 800-53|AU-12, CSCv7|6.3, CSCv7|6.4
Plugin: VMware
Control ID: 0b1b24ebef8597b4a6d8e340a996bc97153e747a322c8c1767de9c4889093b1a