VMware Postgres log files must contain required fields.

An XCCDF Rule

Description

Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. As an embedded database that is only accessible via "localhost", VMware Postgres on the vCenter Server Appliance (VCSA) does not implement robust auditing. However, it can and must be configured to log reasonable levels of information relating to user actions to enable proper troubleshooting. Satisfies: SRG-APP-000089-DB-000064, SRG-APP-000095-DB-000039, SRG-APP-000096-DB-000040, SRG-APP-000097-DB-000041, SRG-APP-000098-DB-000042, SRG-APP-000099-DB-000043, SRG-APP-000100-DB-000201, SRG-APP-000101-DB-000044, SRG-APP-000375-DB-000323

ID: SV-256592r887562_rule
Version: VCPG-70-000002
Severity: Medium
References: CCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-000135 CCI-000169 CCI-001487 CCI-001889
Updated: about 2 months ago

Remediation Templates

At the command prompt, run the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET log_line_prefix TO '%m %c %x %d %u %r %p %l ';"

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();"

VMware Postgres log files must contain required fields.

Description

Remediation Templates

A Manual Procedure