VMWare VCenter and ESXI Version 8.X


This Content Pack is intended only for security monitoring. If you notice security-related data that is not parsed or has missing fields, open an issue and I will update the Content Pack.

Tested with VMWARE vSphere 8.0.2, ESXI 8.0.0 and Graylog 5.2.0.

The Content Pack should be compatible with all Graylog 5.X versions.

Note this was built without extractors, only pipeline rules.


  • 2 Inputs (Syslog/TCP/1515 for VCSA + Syslog/TCP/1514 for VCSA)
  • 2 Streams (VCSA + ESXI)
  • Pipeline rules w/ stages (Extract key/values pipeline function)
  • Dashboards (24h) (VCSA Components) + VCenter (SSO Activities / VM Activities)
  • Dashboards (24h) (ESXI Components) + ESXI (Web Auth / SSH Auth / VM Activities)


  • Graylog 5.0+
  • VCENTER Appliance and ESXI managed by VCenter/VCSA
  • VCSA configured to send logs
  • ESXI configured to send logs
  • Open ports 1514 and 1515 for TCP on the Graylog host and/or in the Docker Compose file

Good afternoon, I have done everything according to the instructions. I am getting logs from Vcenter, but the dashboards are not working. I get this error - Unknown field: Request contains unknown field: vmw_vc_Event.
I do not have these fields vmw_vc_*

Could you open an issue on GitHub, please? Avoid spamming here.