The ESXi host must not enable log filtering.

An XCCDF Rule

Description

<VulnDiscussion>The log filtering capability allows users to modify the logging policy of the syslog service that is running on an ESXi host. Users can create log filters to reduce the number of repetitive entries in the ESXi logs and to deny specific log events entirely. Setting a limit to the amount of logging information restricts the ability to detect and respond to potential security issues or system failures properly.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258800r933461_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

From an ESXi shell, run the following command:

# esxcli system syslog config logfilter set --log-filtering-enabled=false

or
From a PowerCLI command prompt while connected to the ESXi host, run the following commands:

$esxcli = Get-EsxCli -v2
$arguments = $esxcli.system.syslog.config.logfilter.set.CreateArgs()
$arguments.logfilteringenabled = $false
$esxcli.system.syslog.config.logfilter.set.invoke($arguments)

The ESXi host must not enable log filtering.

Description

Remediation - Manual Procedure