Security Audit – Syslog Collector

Centralized logging can be done by deploying a syslog server and using it to collect and manage logs. An easy option is to install the syslog server bundled with the vCenter installation; in this post I’ll walk through configuration on a Windows box and discuss some of the caveats of this approach. This install …

Security Audit – ESXi Persistent logging Overview

By default, the logs on VMware ESXi are stored only in the in-memory file system (the scratch location) and are lost on reboot. There are two options for saving logs so that a dedicated record of server activity is available for each host: persistent logging to local or shared storage (a datastore), or configuring the syslog service to …

Security Audit – ESXi log retention

Hypervisor Retention of Logs on Disk. Logs are not retained for a period of time but by size: once a log reaches X size a number is appended and a new log is created. The number of logs saved is the rotation; a rotation of 16 = 16 logs kept. For hypervisor logs …
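The two settings the persistent-logging and retention posts describe (where the host writes its logs, and how many files of what size it keeps) are plain ESXi advanced settings, so they can be set and audited from PowerCLI in one pass. The script below is an added example and not code from the original posts; it assumes an existing Connect-VIServer session to vCenter, and the cluster name, syslog collector, datastore path and sizes are placeholders to replace.

```powershell
# Added example (not from the original posts): set and verify ESXi syslog
# forwarding, a persistent log directory and size-based rotation with PowerCLI.
# Assumes an existing Connect-VIServer session; every value below is a placeholder.

$cluster = "Prod-Cluster"                 # assumed cluster name
$logHost = "udp://syslog.example.com:514" # assumed collector (udp://, tcp:// or ssl://)
$logDir  = "[datastore1] /scratch/log"    # assumed shared datastore path
$rotate  = 16                             # number of rotated files kept per log
$sizeKB  = 2048                           # rotate once a log reaches this size (KiB)

$settings = @{
    "Syslog.global.logHost"       = $logHost
    "Syslog.global.logDir"        = $logDir
    "Syslog.global.logDirUnique"  = $true    # one sub-directory per host on a shared datastore
    "Syslog.global.defaultRotate" = $rotate
    "Syslog.global.defaultSize"   = $sizeKB
}

foreach ($vmhost in Get-Cluster $cluster | Get-VMHost) {
    foreach ($name in $settings.Keys) {
        $current = Get-AdvancedSetting -Entity $vmhost -Name $name
        # Compare as strings so booleans and numbers are handled the same way
        if ("$($current.Value)" -ne "$($settings[$name])") {
            $current | Set-AdvancedSetting -Value $settings[$name] -Confirm:$false | Out-Null
        }
    }
    # Outbound syslog is blocked by the ESXi firewall until the exception is enabled
    Get-VMHostFirewallException -VMHost $vmhost -Name "syslog" |
        Where-Object { -not $_.Enabled } |
        Set-VMHostFirewallException -Enabled $true | Out-Null
}

# Audit view: one row per host so drift from the standard is obvious
Get-Cluster $cluster | Get-VMHost | ForEach-Object {
    $h = $_
    [pscustomobject]@{
        Host    = $h.Name
        LogHost = (Get-AdvancedSetting -Entity $h -Name "Syslog.global.logHost").Value
        LogDir  = (Get-AdvancedSetting -Entity $h -Name "Syslog.global.logDir").Value
        Rotate  = (Get-AdvancedSetting -Entity $h -Name "Syslog.global.defaultRotate").Value
        SizeKB  = (Get-AdvancedSetting -Entity $h -Name "Syslog.global.defaultSize").Value
    }
} | Format-Table -AutoSize
```

Two checks worth doing after running it: confirm on the collector that entries actually arrive from each host (a correct setting with a blocked network path looks identical from vCenter), and on older ESXi 5.x hosts run `esxcli system syslog reload` (via Get-EsxCli or SSH) if the daemon does not pick up the new values on its own.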

security audit survival guide

The main point of a security audit is not to try and strangle the auditor; he is just doing his job, although you might think he is there to make your life impossible. I have put together a collection of posts so you need not fear the dreaded visit of the men in dark suits… …

Security Audit – Set time source

For logging to be valid, a time source (NTP server) should be set on each host. To configure or change the setting see the post Reconfigure NTP Servers by ESX cluster, as this will save you heaps of time :-)   This configuration can then be validated through PowerCLI or vCenter: Get-VMHost <hostname> | Select Name, …
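Checking one host as above is fine for a spot check, but an auditor will want the whole cluster compared against the approved time sources, including whether ntpd is actually running and set to start with the host. The script below is an added example, not the post's own code; it assumes an existing Connect-VIServer session, and the cluster and NTP server names are placeholders.

```powershell
# Added example (not from the original post): compare every host in a cluster
# against an approved NTP server list and remediate only the non-compliant ones.
# Assumes an existing Connect-VIServer session; names below are placeholders.

$cluster  = "Prod-Cluster"                              # assumed cluster name
$expected = @("ntp1.example.com", "ntp2.example.com")   # assumed approved sources

$report = Get-Cluster $cluster | Get-VMHost | ForEach-Object {
    $h   = $_
    $ntp = @(Get-VMHostNtpServer -VMHost $h)
    $svc = Get-VMHostService -VMHost $h | Where-Object { $_.Key -eq "ntpd" }
    $missing = @($expected | Where-Object { $ntp -notcontains $_ })
    $extra   = @($ntp      | Where-Object { $expected -notcontains $_ })
    [pscustomobject]@{
        Host       = $h.Name
        NtpServers = ($ntp -join ",")
        Running    = $svc.Running
        Policy     = $svc.Policy          # "on" = start with the host
        Compliant  = ($missing.Count -eq 0 -and $extra.Count -eq 0 -and
                      $svc.Running -and $svc.Policy -eq "on")
    }
}
$report | Format-Table -AutoSize

# Remediate only the hosts that failed: replace the server list, make ntpd
# start with the host and restart it so the change takes effect now
foreach ($row in $report | Where-Object { -not $_.Compliant }) {
    $h = Get-VMHost -Name $row.Host
    Get-VMHostNtpServer -VMHost $h | ForEach-Object {
        Remove-VMHostNtpServer -VMHost $h -NtpServer $_ -Confirm:$false | Out-Null
    }
    Add-VMHostNtpServer -VMHost $h -NtpServer $expected | Out-Null
    $svc = Get-VMHostService -VMHost $h | Where-Object { $_.Key -eq "ntpd" }
    Set-VMHostService -HostService $svc -Policy "on" | Out-Null
    Restart-VMHostService -HostService $svc -Confirm:$false | Out-Null
}
```

The extra-server check matters as much as the missing-server check: a host that also points at an unapproved or unreachable source can drift, and drifted timestamps are exactly what makes cross-host log correlation fall apart in an investigation.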

Security Audit – Set and validate lock down mode for multiple hosts

It seems the audit community has understood lockdown mode and is typically requesting that it be applied. By enabling lockdown mode, no users other than vpxuser have authentication permissions, nor can they perform operations against the host directly. Lockdown mode forces all operations to be performed through vCenter Server. Though be warned: if you …
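Because lockdown mode is a per-host flag, the audit evidence is a report of every host's state plus a way to switch on the stragglers. The script below is an added example and not the post's own code; it uses the HostSystem API that PowerCLI exposes through ExtensionData, assumes a Connect-VIServer session to the vCenter that manages the hosts (lockdown is a vCenter-managed state), and the cluster name is a placeholder.

```powershell
# Added example (not from the original post): report and enforce lockdown mode
# across a cluster via the HostSystem API exposed through ExtensionData.
# Assumes a Connect-VIServer session to vCenter; the cluster name is a placeholder.

$cluster = "Prod-Cluster"   # assumed cluster name

$hosts = Get-Cluster $cluster | Get-VMHost

# Config.AdminDisabled is true when lockdown mode is enabled
$hosts |
    Select-Object Name, @{ N = "Lockdown"; E = { $_.ExtensionData.Config.AdminDisabled } } |
    Format-Table -AutoSize

# Enable lockdown only where it is off; keep each host in its own try so one
# failure does not stop the loop
foreach ($h in $hosts | Where-Object { -not $_.ExtensionData.Config.AdminDisabled }) {
    try {
        $h.ExtensionData.EnterLockdownMode()
        Write-Host "Lockdown enabled on $($h.Name)"
    } catch {
        Write-Warning "Could not enable lockdown on $($h.Name): $($_.Exception.Message)"
    }
}

# Re-read the property from the host rather than trusting the cached view,
# then call out anything still open so the audit does not pass on stale data
$hosts | ForEach-Object { $_.ExtensionData.UpdateViewData("Config.AdminDisabled") }
$open = @($hosts | Where-Object { -not $_.ExtensionData.Config.AdminDisabled })
if ($open.Count -gt 0) {
    Write-Warning "Hosts NOT in lockdown: $(($open | ForEach-Object { $_.Name }) -join ', ')"
} else {
    Write-Host "All $($hosts.Count) hosts in $cluster are in lockdown mode"
}
```

Before you run the enabling loop, make sure you are not relying on a direct root SSH or vSphere Client connection to those hosts for anything else: once the flag is set, that path is closed and only vCenter (and the DCUI console) remains, which is the point, but also the way people lock themselves out.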