The ESXi host must allocate audit record storage capacity to store at least one week's worth of audit records.
An XCCDF Rule
Description
<VulnDiscussion>In order to ensure ESXi has sufficient storage capacity in which to write the audit logs, audit record storage capacity should be configured. If a central audit record storage facility is available, the local storage capacity should be sufficient to hold audit records that would accumulate during anticipated interruptions in delivery of records to the facility.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-258743r933290_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
From the vSphere Client, go to Hosts and Clusters.
Select the ESXi Host >> Configure >> System >> Advanced System Settings.
Click "Edit". Select the "Syslog.global.auditRecord.storageCapacity" value and configure it to "100".