One of the STIG hardening requirement is that the logs should be moved to some permanent repository. rsyslog can be configured  to send the logs to external directory

• The .conf files under /etc/rsyslog.d/ has the configuration to monitor the vcf services log file.
• The state files can be moved to a different directory by configuring the $WorkingDirectory in /etc/rsyslog.conf. Or you can change the configurations that is there in /etc/rsyslog.d also to move the state files to some other directory.

If STIG complaint is not a requirement then the below workaround can be applied to disable rsyslog from monitoring the vcf services log files

1. Take snapshot of SDDC Manager VM before doing this
2. ssh to sddc manager with vcf user and then switch to root: su -
3. Navigate to root directory: 

    cd /

4. Remove all the imfile-state file:

   rm -i imfile-state\:*

5. Create a rsyslog backup directory:

   mkdir rsyslog_backup

6. Browse to rsyslog directory [The conf files for rsyslog are present in this directory] :

   cd /etc/rsyslog.d

7. Move all the stig-services file to the rsyslog backup directory created in Step5 : 

   mv stig-services-* ../../rsyslog_backup

8. Restart rsyslog service:

   systemctl restart rsyslog