The NSX-T Manager must be configured to send logs to a central log server.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-251787 | SRG-APP-000515-NDM-000325 | TNDM-3X-000088 | SV-251787r879886_rule | 2023-06-22 | 1 |
| Description |
|---|
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. |
| ℹ️ Check |
|---|
| From an NSX-T Manager shell, run the following command(s): > get logging-servers If any configured logging-servers are not configured with protocol of "tcp", "li-tls", or "tls" and level of "info", this is a finding. If no logging-servers are configured, this is a finding. Note: This check must be run from each NSX-T Manager as they are configured individually. |
| ✔️ Fix |
|---|
| (Optional) From an NSX-T Manager shell, run the following command(s) to clear any existing incorrect logging-servers: > clear logging-servers From an NSX-T Manager shell, run the following command(s) to configure a tcp syslog server: > set logging-server <server-ip or server-name> proto tcp level info From an NSX-T Manager shell, run the following command(s) to configure a tls syslog server: > set logging-server <server-ip or server-name> proto tls level info serverca ca.pem clientca ca.pem certificate cert.pem key key.pem From an NSX-T Manager shell, run the following command(s) to configure an li-tls syslog server: > set logging-server <server-ip or server-name> proto li-tls level info serverca root-ca.crt Note: If using the protocols TLS or LI-TLS to configure a secure connection to a log server, the server and client certificates must be stored in /image/vmware/nsx/file-store on each NSX-T Manager appliance. |