ESXI-06-100030 - The VMM must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.

Information

Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.

Solution

From the vSphere Client select the ESXi Host and go to Configuration >> Advanced Settings. Select the Config.HostAgent.log.level value and configure it to info.

or

From a PowerCLI command prompt while connected to the ESXi host run the following commands:

Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level | Set-AdvancedSetting -Value 'info'

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12b., CAT|III, CCI|CCI-000171, Group-ID|V-63509, Rule-ID|SV-77999r1_rule, STIG-ID|ESXI-06-100030, Vuln-ID|V-63509

Plugin: VMware

Control ID: 4832a401838e2bf35eb93a82796b4eedde3ece17ee0b8bff1ed70b1ad5aa4eed