VCRP-70-000008 - Envoy log files must be shipped via syslog to a central log server

Information

Envoy rsyslog configuration is included in the 'VMware-visl-integration' package and unpacked to '/etc/vmware-syslog/vmware-services-envoy.conf'. Ensuring the package hashes are as expected also ensures the shipped rsyslog configuration is present and unmodified.

Solution

Navigate to and open:

/etc/vmware-syslog/vmware-services-envoy.conf

Create the file if it does not exist.

Set the contents of the file as follows:

#envoy service log
input(type='imfile'
File='/var/log/vmware/envoy/envoy.log'
Tag='envoy-main'
Severity='info'
Facility='local0')
#envoy access log
input(type='imfile'
File='/var/log/vmware/envoy/envoy-access.log'
Tag='envoy-access'
Severity='info'
Facility='local0')

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), CAT|II, CCI|CCI-001851, Rule-ID|SV-256744r889170_rule, STIG-ID|VCRP-70-000008, Vuln-ID|V-256744

Plugin: Unix

Control ID: 476e549965c891b15803b79c81cc867f9dffcc183b9075b24603d85ebbf043da