Envoy log files must be shipped via syslog to a central log server.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-256744	SRG-APP-000358-WSR-000063	VCRP-70-000008	SV-256744r889170_rule	2023-02-21	1

Description
Envoy rsyslog configuration is included in the "VMware-visl-integration" package and unpacked to "/etc/vmware-syslog/vmware-services-envoy.conf". Ensuring the package hashes are as expected also ensures the shipped rsyslog configuration is present and unmodified.

ℹ️ Check
At the command prompt, run the following command: # rpm -V VMware-visl-integration\|grep vmware-services-envoy.conf\|grep "^..5......" If the command returns any output, this is a finding.

✔️ Fix
Navigate to and open: /etc/vmware-syslog/vmware-services-envoy.conf Create the file if it does not exist. Set the contents of the file as follows: #envoy service log input(type="imfile" File="/var/log/vmware/envoy/envoy.log" Tag="envoy-main" Severity="info" Facility="local0") #envoy access log input(type="imfile" File="/var/log/vmware/envoy/envoy-access.log" Tag="envoy-access" Severity="info" Facility="local0")

✔️ Fix

Navigate to and open: /etc/vmware-syslog/vmware-services-envoy.conf Create the file if it does not exist. Set the contents of the file as follows: #envoy service log input(type="imfile" File="/var/log/vmware/envoy/envoy.log" Tag="envoy-main" Severity="info" Facility="local0") #envoy access log input(type="imfile" File="/var/log/vmware/envoy/envoy-access.log" Tag="envoy-access" Severity="info" Facility="local0")