Envoy log files must be shipped via syslog to a central log server.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256744 | SRG-APP-000358-WSR-000063 | VCRP-70-000008 | SV-256744r889170_rule | 2023-02-21 | 1 |
Description
Envoy rsyslog configuration is included in the "VMware-visl-integration" package and unpacked to "/etc/vmware-syslog/vmware-services-envoy.conf". Ensuring the package hashes are as expected also ensures the shipped rsyslog configuration is present and unmodified.
ℹ️ Check
At the command prompt, run the following command:
# rpm -V VMware-visl-integration|grep vmware-services-envoy.conf|grep "^..5......"
If the command returns any output, this is a finding.
✔️ Fix
Navigate to and open:
/etc/vmware-syslog/vmware-services-envoy.conf
Create the file if it does not exist.
Set the contents of the file as follows:
#envoy service log
input(type="imfile"
File="/var/log/vmware/envoy/envoy.log"
Tag="envoy-main"
Severity="info"
Facility="local0")
#envoy access log
input(type="imfile"
File="/var/log/vmware/envoy/envoy-access.log"
Tag="envoy-access"
Severity="info"
Facility="local0")