vCenter Syslogs to IDR?

I was working on my vCenter management interface and I realized I don’t have syslogs going to anything so I thought I’d see about sending them to my local Insight collector and add an event source in IDR so I could get logs. I configured them to send in vCenter but now I’m looking around in IDR and I’m not seeing how I’d add that as an event source. Would it just be “Custom Logs”?

Yes, it would be Custom Logs, David. They will arrive under the Raw Logs log set in Log Search if you configure them using that method.

You can then leverage the custom parser if you would like to parse out values to make key value pairs. Custom Parsing Tool | InsightIDR Documentation

Does anyone have any Detection Rules set up for vCenter that they can share?