Rule ID
SV-258800r933461_rule
Version
V1R1
CCIs
The log filtering capability allows users to modify the logging policy of the syslog service that is running on an ESXi host. Users can create log filters to reduce the number of repetitive entries in the ESXi logs and to deny specific log events entirely. Setting a limit to the amount of logging information restricts the ability to detect and respond to potential security issues or system failures properly.
From an ESXi shell, run the following command: # esxcli system syslog config logfilter get or From a PowerCLI command prompt while connected to the ESXi host, run the following commands: $esxcli = Get-EsxCli -v2 $esxcli.system.syslog.config.logfilter.get.invoke() If "LogFilteringEnabled" is not set to "false", this is a finding.
From an ESXi shell, run the following command: # esxcli system syslog config logfilter set --log-filtering-enabled=false or From a PowerCLI command prompt while connected to the ESXi host, run the following commands: $esxcli = Get-EsxCli -v2 $arguments = $esxcli.system.syslog.config.logfilter.set.CreateArgs() $arguments.logfilteringenabled = $false $esxcli.system.syslog.config.logfilter.set.invoke($arguments)