Rule ID
SV-258720r933221_rule
Version
V1R1
CCIs
CCI-000366
The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including, but not limited to, power events, system failure information, tools status and activity, time sync, virtual hardware changes, vMotion migrations and machine clones. Due to the value these logs provide for the continued availability of each VM and potential security incidents, these logs must be enabled.
For each virtual machine do the following:
From the vSphere Client, right-click the Virtual Machine and go to Edit Settings >> VM Options >> Advanced.
Ensure that the checkbox next to "Enable logging" is checked.
or
From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
Get-VM | Where {$_.ExtensionData.Config.Flags.EnableLogging -ne "True"}
If logging is not enabled, this is a finding.For each virtual machine do the following: From the vSphere Client, right-click the Virtual Machine and go to Edit Settings >> VM Options >> Advanced. Click the checkbox next to "Enable logging". Click "OK". or From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands: $spec = New-Object VMware.Vim.VirtualMachineConfigSpec $spec.Flags = New-Object VMware.Vim.VirtualMachineFlagInfo $spec.Flags.enableLogging = $true (Get-VM -Name <vmname>).ExtensionData.ReconfigVM($spec)