This Content Pack is intended only for security monitoring. If you notice security-relevant data that is not parsed or is missing fields, open an issue and I will update the Content Pack.
Tested with VMware vSphere 8.0.2, ESXi 8.0.0 and Graylog 5.2.0.
The Content Pack should be compatible with all Graylog 5.x versions.
Note: it was built without extractors, using only pipeline rules.
Included in the pack:
- 2 inputs (Syslog/TCP/1515 for VCSA + Syslog/TCP/1514 for ESXi)
- 2 streams (VCSA + ESXi)
- Pipeline rules with stages (key/value extraction via the pipeline function)
- Dashboards (24h): VCSA components + vCenter (SSO activities / VM activities)
- Dashboards (24h): ESXi components + ESXi (web auth / SSH auth / VM activities)
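As an added example (not a rule shipped with this Content Pack), a pipeline rule of the kind listed above: it extracts `key=value` pairs from the syslog message body with Graylog's `key_value()` function and writes them under a prefix so they cannot overwrite built-in fields. The rule name and the `vmw_` prefix are assumptions.

```graylog
// Added example, not part of the Content Pack: extract key=value pairs
// from a VMware syslog message body. Rule name and "vmw_" prefix are assumptions.
rule "vmware: extract key/value pairs"
when
    has_field("message")
then
    let kv = key_value(
        value: to_string($message.message),
        delimiters: " ",          // pairs are separated by spaces
        kv_delimiters: "=",       // key and value are separated by "="
        ignore_empty_values: true,
        trim_value_chars: "\""    // strip quotes around quoted values
    );
    // The prefix keeps extracted keys from clobbering built-in fields such as "source"
    set_fields(fields: kv, prefix: "vmw_");
end
```

Attach the rule to a stage in both the VCSA and the ESXi pipeline so every message on those streams is parsed the same way.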
Requirements:
- Graylog 5.0+
- vCenter Appliance (VCSA) and ESXi hosts managed by vCenter/VCSA
- VCSA configured to send logs
- ESXi configured to send logs
- TCP ports 1514 and 1515 open on the Graylog host and/or in the docker compose file