ESXI-67-000004 - Remote logging for ESXi hosts must be configured.


Remote logging to a central log host provides a secure, centralized store for ESXi logs. By gathering host log files onto a central host, it can more easily monitor all hosts with a single tool. It can also do aggregate analysis and searching to look for such things as coordinated attacks on multiple hosts. Logging to a secure, centralized log server also helps prevent log tampering and also provides a long-term audit record.

Satisfies: SRG-OS-000032-VMM-000130, SRG-OS-000342-VMM-001230, SRG-OS-000479-VMM-001990


From the vSphere Client, select the ESXi host and go to Configure >> System >> Advanced System Settings.

Click 'Edit', select the '' value, and configure it to a site-specific syslog server.


From a PowerCLI command prompt while connected to the ESXi host, run the following commands:

Get-VMHost | Get-AdvancedSetting -Name | Set-AdvancedSetting -Value ''

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Audit and Accountability.This control applies to the following type of system VMware.