Check: ESX0820
VMware ESX 3 Policy:
ESX0820
(in version v1 r2)
Title
VirtualCenter logs are reviewed daily. (Cat II impact)
Discussion
It is necessary to review VirtualCenter logs for suspicious activity, problems, attacks, or system warnings will go undetected. These logs provide visibility into the activities and events of the VirtualCenter. These logs enable system administrators and auditors the ability to recreate past events, monitor the system, and ensure security policies are being enforced.
Check Content
Ask the IAO/SA how often they review the VirtualCenter logs. VirtualCenter logs include System Logs and Events. If the logs are not reviewed daily, this is a finding.
Fix Text
Review the VirtualCenter logs daily.
Additional Identifiers
Rule ID: SV-16822r1_rule
Vulnerability ID: V-15881
Group Title: VirtualCenter logs are reviewed daily
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |