Logging must be started as soon as possible when a service starts and as late as possible when a service is stopped. Many forms of suspicious actions can be detected by analyzing logs for unexpected service starts and stops. Also, by starting to log immediately after a service starts, it becomes more difficult for suspicious activity to go unlogged.
Navigate to and open:
Below the last line of the 'PreStartCommandArg' block, add the following line:
'StreamRedirectFile' : '%VMWARE_LOG_DIR%/vmware/eam/jvm.log',
Restart the appliance for changes to take effect.
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.