VCRP-70-000007 - Envoy (rhttpproxy) log files must be shipped via syslog to a central log server.

Information

Envoy produces several logs that must be offloaded from the originating system. This information can then be used for diagnostic purposes, forensics purposes, or other purposes relevant to ensuring the availability and integrity of the hosted application.

Envoy (rhttpproxy) rsyslog configuration is included in the 'VMware-visl-integration' package and unpacked to '/etc/vmware-syslog/vmware-services-rhttpproxy.conf'. Ensuring the package hashes are as expected also ensures the shipped rsyslog configuration is present and unmodified.

Solution

Navigate to and open:

/etc/vmware-syslog/vmware-services-rhttpproxy.conf

Create the file if it does not exist.

Set the contents of the file as follows:

#rhttpproxy log
input(type='imfile'
File='/var/log/vmware/rhttpproxy/rhttpproxy.log'
Tag='rhttpproxy-main'
Severity='info'
Facility='local0')

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), CAT|II, CCI|CCI-001851, Rule-ID|SV-256743r889167_rule, STIG-ID|VCRP-70-000007, Vuln-ID|V-256743

Plugin: Unix

Control ID: b7ea3cc9cf05faeef9f8f0ddeee15da8119c97f5c7b035bc0fc2fdc97b4f85d0