Virtual machines (VMs) must enable logging.
An XCCDF Rule
Description
<VulnDiscussion>The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including, but not limited to, power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations and machine clones. Due to the value these logs provide for the continued availability of each VM and potential security incidents, these logs must be enabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-258720r959010_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
For each virtual machine do the following:
From the vSphere Client, right-click the Virtual Machine and go to Edit Settings >> VM Options >> Advanced.
Click the checkbox next to "Enable logging". Click "OK".