← Back to VMware vSphere 7.0 vCenter Appliance RhttpProxy Security Technical Implementation Guide

V-256744

CAT II (Medium)

Envoy log files must be shipped via syslog to a central log server.

Rule ID

SV-256744r889170_rule

STIG

VMware vSphere 7.0 vCenter Appliance RhttpProxy Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001851

Discussion

Envoy rsyslog configuration is included in the "VMware-visl-integration" package and unpacked to "/etc/vmware-syslog/vmware-services-envoy.conf". Ensuring the package hashes are as expected also ensures the shipped rsyslog configuration is present and unmodified.

Check Content

At the command prompt, run the following command: 
 
# rpm -V VMware-visl-integration|grep vmware-services-envoy.conf|grep "^..5......" 
 
If the command returns any output, this is a finding.

Fix Text

Navigate to and open: 
 
/etc/vmware-syslog/vmware-services-envoy.conf 
 
Create the file if it does not exist. 
 
Set the contents of the file as follows: 
 
#envoy service log 
input(type="imfile" 
      File="/var/log/vmware/envoy/envoy.log" 
      Tag="envoy-main" 
      Severity="info" 
      Facility="local0") 
#envoy access log 
input(type="imfile" 
      File="/var/log/vmware/envoy/envoy-access.log" 
      Tag="envoy-access" 
      Severity="info" 
      Facility="local0")