vmWare vCenter & ESXi - Log Filter

Hi all,

we collect the VMware vCenter & ESXi LOGs with InsightIDR. We have seen that we get too much “useless” data from vmWare via syslog.

Is there a way to filter vmware logs and send only necessary logs via syslog to the collector? And which logs make sense except authentication logs for vmware?

I have not found any usable infos on web for that topic

Thank you,
Norman

Hi @njennewein1 , we actually have an event source filter feature which can be enabled on a per Org basis. This event source filter accepts a regex to allow you to drop events that match a particular pattern, for a specific event source. This would allow you to not collect the noisy events you don’t need.

If you’d like to have this enabled please raise a support case and we will look after it.

David

2 Likes

Thank you David!
I will check with vmWare if it is possible to filter the logs there already and if it is not, then I will open a case with R7 to drop the unnecessary logs there.

Best Regards,
Norman