VCLD-67-000014 - Rsyslog must be configured to monitor VAMI logs.

Information

For performance reasons, rsyslog file monitoring is preferred over configuring VAMI to send events to a syslog facility. Log file monitoring and shipping are effective only if the logs are created, the rsyslog configs are created, and those configs are loaded.

Satisfies: SRG-APP-000125-WSR-000071, SRG-APP-000358-WSR-000063, SRG-APP-000358-WSR-000163

Solution

Navigate to and open /etc/vmware-syslog/stig-services-vami.conf.

Create the file if it does not exist.

Set the contents of the file as follows:

input(type="imfile" File="/opt/vmware/var/log/lighttpd/access.log"
Tag="vami-access"
Severity="info"
Facility="local0")
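
The following check script is an added example, not part of the STIG or the scanner plugin: it confirms that the file holds an input() statement for the VAMI access log with every required parameter. The function names and PASS/FAIL messages are assumptions; values must be double-quoted, as rsyslog's input() parameter syntax expects.

```shell
#!/bin/sh
# Added example. Path and parameter values come from this control;
# function names and output format are assumptions.
CONF_DEFAULT=/etc/vmware-syslog/stig-services-vami.conf
LOG=/opt/vmware/var/log/lighttpd/access.log

# has_param STANZA NAME VALUE: true when STANZA sets NAME="VALUE".
# Names compare case-insensitively, values exactly; only double-quoted
# values are recognised.
has_param() {
    printf '%s\n' "$1" | awk -v n="$2" -v v="\"$3\"" '
        { while (match($0, /[A-Za-z.]+="[^"]*"/)) {
              kv = substr($0, RSTART, RLENGTH)
              $0 = substr($0, RSTART + RLENGTH)
              eq = index(kv, "=")
              if (tolower(substr(kv, 1, eq - 1)) == n && substr(kv, eq + 1) == v)
                  found = 1
          } }
        END { exit !found }'
}

# check_vami_input [FILE]: returns 0 when FILE is compliant, 1 otherwise,
# printing one FAIL line per problem found.
check_vami_input() {
    conf=${1:-$CONF_DEFAULT}
    [ -r "$conf" ] || { echo "FAIL: $conf missing or unreadable"; return 1; }
    # Strip comments, fold onto one line, then emit one input(...) per line.
    stanzas=$(sed 's/#.*$//' "$conf" | tr '\n\t' '  ' | grep -o 'input([^)]*)') || :
    target=
    while IFS= read -r s; do
        if has_param "$s" file "$LOG"; then target=$s; break; fi
    done <<EOF
$stanzas
EOF
    [ -n "$target" ] || { echo "FAIL: no input() with File=\"$LOG\""; return 1; }
    rc=0
    for kv in type=imfile tag=vami-access severity=info facility=local0; do
        has_param "$target" "${kv%%=*}" "${kv#*=}" ||
            { echo "FAIL: ${kv%%=*} is not \"${kv#*=}\""; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "PASS: $conf"
    return "$rc"
}
```

Call check_vami_input with no argument to test the default path. It inspects the file only and does not confirm that rsyslog has loaded it.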

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), 800-53|AU-9(2), CAT|II, CCI|CCI-001348, CCI|CCI-001851, Rule-ID|SV-239722r879582_rule, STIG-ID|VCLD-67-000014, Vuln-ID|V-239722

Plugin: Unix

Control ID: 051923ce4e2a172eaf96c8eef6638aa706430a21f6615b8284f1a8ccac612231