Collecting VMWare/VCSA-Logs - Best practice

KPS · January 14, 2022, 7:34am

Hi!

I am trying to collect VMWare-Logs with graylog 4.2.5
→ Created TCP-Syslog-Input
→ Tried Content-Pack from marketplace:

But: There is still a lot open.

According to Multiline/Fragmented Rsyslog Events - #5 by frantz - VMWare is sending multi-line-logs which are not handled, currently. So, there are logs, that do only contain: “–>”.

The dashboard of the contant-pack is empty, too.

Are you sending VMWare-logs to graylog? What is your concept? Do you need Logstash as “proxy”, or what are you using?

Thank you and best wishes.
KPS

KPS · January 14, 2022, 8:43am

One update: Syslog-Input is discarding most of the vmware-logs. RAW-input is able to show a lot more…

gsmith · January 15, 2022, 2:33am

Hello,

You may want to look at this for multiline logs.

I also found these …

Last thing I did find was under Collectors

I hope all this information will help.

system · January 29, 2022, 2:33am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Vmware esxi 6 logs Graylog Central (peer support)	2	2727	June 15, 2017
Multiline/Fragmented Rsyslog Events Graylog Central (peer support)	6	3013	May 30, 2019
VMWare host syslog Graylog Central (peer support)	7	6421	April 2, 2019
Unable to get the logs from ESXi host Graylog Central (peer support) access-specific-log- , dashboards	5	1030	October 6, 2022
Sending logs via TCP from VMWare ESXi Graylog Tech Challenges	4	2443	February 2, 2022