Syslog - VMware vCenter Server
Device Details
Vendor | VMware |
|---|---|
Device Type | VMware Server |
Supported Model Name/Number | VMware vCenter Server |
Supported Software Version(s) | N/A |
Collection Method | Syslog |
Configurable Log Output? | No |
Log Source Type | Syslog - VMware vCenter Server |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | https://www.vmware.com/in/products/vcenter-server/future-overview.html |
Prerequisites
- vCenter Server 5.x requires a 64-bit (Supported host operating systems for VMware vCenter Server)
- Microsoft Windows Installer version 4.5 (MSI 4.5) is required on your system
- Supported databases ( VMware Product Interoperability Matrixes)
Host Hardware Requirements
- Intel or AMD x64 processor with two or more logical cores, each with a speed of 2 GHz
- 12 GB Memory requirements are higher if the vCenter Server database runs on the same machine as vCenter Server.
- 40-60 GB of free disk space is required after the installation, depending on the size of your inventory. You should provide more space to allow for future growth of your inventory. Disk storage requirements are higher if the vCenter Server database runs on the same machine as vCenter Server, depending on the size of those databases
- Networking – 1G bit recommended
Device Configuration Checklist
Verify the following:
- The vCenter Server system and its configuration files reside on shared storage.
- The hosts are configured to access the shared storage so you can power on the VMs by using different hosts in the cluster.
- Hosts are configured to have access to the VM network.
- You are using redundant management network connections for vSphere HA.
- You are using redundant management network connections for vSphere HA.
- You have configured hosts with at least two datastores to provide redundancy for vSphere HA datastore heartbeating.
- vSphere Web Client is connected to vCenter Server using an account with cluster administrator permissions.
Currently Supported Log Types
Type | Product Version | Supported Schema Fields |
|---|---|---|
User Authentication messages | 2.0 | <severity>, <source name>, <process>, <user origin domain>, <user login>, <source IP address>, <user action>, <user browser information> |
User Session Info messages | 2.0 | <log severity>, <source name>, <process>, <protocol number>, <user session login/logout information>, <severity>, <user login info>, <user action>, <user browser information> |
Task Event | 2.0 | <log severity>, <source name>, <process>, <protocol number>, <event id>, <log information>, <severity>, <user login info>, <VMware task information> |
API HEALTH Execution messages | 2.0 | <log severity>, <source name>, <process>, <protocol number>, <log information>, <command> |
VMware Event Information | 2.0 | <log severity>, <source name>, <process>, <protocol number>, <event id>, <log information>, <severity>, <user login info>, <object information> |
Authentication Messages | 2.0 | <log severity>, <source name>, <process>, <session>, <vendor info>, <account> |
Vcenter Server Message | 2.0 | <log severity>, <source name>, <process>, <object info>, <vendor info>, <object name> |
HTTP Client Information | 2.0 | <log severity>, <source name>, <process>, <destination ip address>, <command>, <object info>, <response code>, <protocol number> |
VMON Service Message | 2.0 | <log severity>, <source name>, <process>, <protocol number>, <vendor info>, <object info> |
Hostd Messages | 2.0 | <log severity>, <source name>, <process>, <object info>, <session>, <user info>, <message id> |
Cron Job Execution | 2.0 | <log severity>, <source name>, <process>, <process id>, <user login>, <object info> |
VMAF Daemon Messages | 2.0 | <log severity>, <source name>, <process>, <vendor info>, <object info> |
Parsed Metadata Fields
VMware vCenter Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
N/A | <severity> | Text/String |
N/A | <sname> | Text/String |
N/A | <process> | Text/String |
N/A | <protnum> | Numeric/Number |
N/A | <domainorigin> | Text/String |
N/A | <login> | Username |
N/A | <sip> | Source IP Address |
N/A | <action> | User action/String |
N/A | <useragent> | Browser Info/String |
N/A | <session> | Session/String |
N/A | <vendorinfo> | Vendor Info/String |
N/A | <vmid> | Message Id/String |
N/A | <object> | Object Info/String |
N/A | <objectname> | Object Name/String |
N/A | <processid> | Numeric/Number |
N/A | <command> | Command/String |
N/A | <dip> | Destination IP Address |
N/A | <responsecode> | Text/String |
N/A | <account> | Account/String |