Table 5-24. Syslog Options Available Starting from ESXi 7.0 Update 1 (continued)
Option ESXCLI command Description
Syslog.global.auditRecord.stor
ageDirectory
esxcli system auditrecords
local set --directory=<dir>
Creates an audit record storage
directory and unless specified, sets /
scratch/auditLog as the default
location. You must not manually
create an audit record storage
directory and you cannot change the
audit record storage directory while
audit record storage is enabled (see
Syslog.global.auditRecord.stor
ageEnable).
Syslog.global.auditRecord.stor
ageEnable
esxcli system auditrecords
local enable
Enables the storage of audit records
on an ESXi host. If the audit record
storage directory does not exist, it is
created with the capacity specified
by
Syslog.global.auditRecord.stor
ageCapacity.
Syslog.global.certificate.chec
kCRL
esxcli system syslog config
set --crl-check=<bool>
Enables checking the revocation
status of all the certificates in an SSL
certificate chain.
Enables verification of X.509
CRLs, which are not checked by
default in compliance with industry
conventions. A NIAP-validated
configuration requires CRL checks.
Due to implementation limitations, if
CRL checks are enabled, then all
certificates in a certificate chain must
provide a CRL link.
Do not enable the crl-check
option for installations not related
to certification, because of the
difficulty in properly configuring an
environment that uses CRL checks.
Syslog.global.certificate.stri
ctX509Compliance
esxcli system syslog config
set --x509-strict=<bool>
Enables strict compliance with
X.509. Performs additional validity
checks on CA root certificates
during verification. These checks are
generally not performed, as CA roots
are inherently trusted, and might
cause incompatibilities with existing,
misconfigured CA roots. A NIAP-
validated configuration requires even
CA roots to pass validations.
Do not enable the x509-strict
option for installations not related
to certification, because of the
difficulty in properly configuring an
environment that uses CRL checks.
VMware ESXi Installation and Setup
VMware by Broadcom 239