Provides Graylog Dashboards for all Hypervisors, Storage performance, DVS Messages, Vmware version, Storage path failures, Host/Device Performance issues, Memory/CPU alerts, Last list of vmotions, MAC to DVS, VMware port group to hypervisor, Last login failures, Last successful logins, Last 2 hours guests attempting network sniffing, TOP LDAP users, and Vmware virtual machines recent changes by users all in a simple to use Dashboard competely customizable! To get the best benefit make sure your graylog instance is configured for syslog UDP, and make sure to use distributed switching within vmware! Have fun! Extractions using GROK, I’ve not had the time to change this to regex!
New: Cohesity Extractors and Dashboard for Backups New: Dell and Cisco UCS Extractions New: VMware 7 regex extractions New: Security Extractions
Download content_pack.json and install it under System/Input Content Packs
Download vmware_vcenter_extractors and import it under the System/Inputs/Manage extractors
It is recommended to apply a dedicated bucket ports/syslog input for vmware to structure your data!
Make sure you point your syslog for both hypervisors and vcenters, start receiving your data. View the Vmware Dashboard.
Hello!
I’ve installed this content pack but I’m seeing nothing. Is this supposed to just work automagically?
Each widget is displaying “Elasticsearch exception [type=index_not_found_exception, reason=no such index ]”
I’m new to GL and have only the default index. Do I need a specific index for this?
My ESXi host are indeed pushing syslog to my GL instance via tcp (instead of udp). Could that be the issue?
I’m hoping this ‘just works’ as I learn GL because I’d like to propose GL in a POC so I’m hoping to get some visuals in the dashboard w/o needing (yet) to have significant GL experience/knowledge.
Thanks!
Thanks for your contribution and update. Please check your content pack update to ensure that it’s properly marked and in the right place in the Marketplace.
Also, I’d like to introduce your work to the community. Please contact me at david.sciuto@graylog.com and I’ll include information on how the community can help to highlight the work Open Community members are doing in the Marketplace. I liked to help bring attention to your update.
Hi @dcecchino,
the extractors for vSphere 7 look for some lookup tables, but I can’t find them in the content pack.
Am I missing something from the docs?
Thank you for creating this, and it is obvious a lot of time has been put into this.
With the number of extraction rules though, it could really do with having the option to only try an extract if it contains the right start of the message. I did import the rules, but it completely melts the CPU due to the large extractions. I have seen some extractions take up to 7 seconds.
having issues with the dashboard when using Graylog 5.0.2+59d96f8.
The error I get is in the VMware Dashboard view. Query parsing error: Cannot parse query, cause: ‘*’ or ‘?’ not allowed as first character in WildcardQuery.
here are some examples.
On the dashbaord, I focus on the bad login section
clicking edit, shows unknown field
here is a log of an entry of a failed login that was sent to Graylog
I think this is my point. I made no changes to the dashboard. this is all stock.
To confirm, you are asking me to REMOVE the follow section in the screen shot? If so, why? I would like to know where the attempt came from.
