VMware vCenter & ESXi - Log Filter

Hi all,

We collect the VMware vCenter & ESXi logs with InsightIDR. We have seen that we get too much “useless” data from VMware via syslog.

Is there a way to filter VMware logs and send only necessary logs via syslog to the collector? And which logs make sense except authentication logs for VMware?

I have not found any usable info on the web for that topic.

Thank you,
Norman

Hi @njennewein1, we actually have an event source filter feature which can be enabled on a per Org basis. This event source filter accepts a regex to allow you to drop events that match a particular pattern, for a specific event source. This would allow you to not collect the noisy events you don’t need.

If you’d like to have this enabled please raise a support case and we will look after it.

David

2 Likes
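A way to dry-run a candidate drop regex against sample lines before requesting the filter, as an added example that is not part of the original thread or Rapid7's code. The log lines are constructed and simplified, the patterns and the `evaluate_filter` helper are hypothetical, and Python `re` syntax is assumed (the product's regex dialect may differ).

```python
import re

# Constructed, simplified lines in the general shape of ESXi syslog (not from a real host).
SAMPLE_LINES = [
    "<166>2024-05-02T10:15:01Z esx01.example.internal Vpxa: verbose vpxa[2101] [sub=Hostagent] Received heartbeat",
    "<166>2024-05-02T10:15:02Z esx01.example.internal Hostd: verbose hostd[2100] [sub=PropertyProvider] RecordOp ASSIGN",
    "<38>2024-05-02T10:15:07Z esx01.example.internal sshd[2109]: Accepted password for root from 192.0.2.10 port 51544 ssh2",
    "<36>2024-05-02T10:15:09Z esx01.example.internal Hostd: warning hostd[2100] [sub=Default] Rejected password for user root from 192.0.2.77",
    "<166>2024-05-02T10:15:11Z esx01.example.internal Rhttpproxy: verbose rhttpproxy[2103] [sub=Proxy] Connected to localhost:8307",
]

# Illustrative drop pattern: verbose-level messages from three daemons.
CANDIDATE_DROP = r"\b(?:Vpxa|Hostd|Rhttpproxy): verbose\b"

# Illustrative guard: authentication events that must never be dropped.
MUST_KEEP = r"(?i)(?:accepted|rejected|failed) password|authentication"


def evaluate_filter(drop_pattern, lines, must_keep_pattern):
    """Split lines into dropped/kept and flag dropped lines that matter."""
    drop = re.compile(drop_pattern)
    keep = re.compile(must_keep_pattern)
    result = {"dropped": [], "kept": [], "violations": []}
    for line in lines:
        if drop.search(line):
            result["dropped"].append(line)
            # A dropped line that also matches the guard is a detection gap.
            if keep.search(line):
                result["violations"].append(line)
        else:
            result["kept"].append(line)
    return result


if __name__ == "__main__":
    for name, pattern in [("candidate", CANDIDATE_DROP), ("overbroad", r"Hostd:")]:
        r = evaluate_filter(pattern, SAMPLE_LINES, MUST_KEEP)
        pct = 100 * len(r["dropped"]) / len(SAMPLE_LINES)
        print(f"{name}: drops {len(r['dropped'])}/{len(SAMPLE_LINES)} ({pct:.0f}%)")
        for v in r["violations"]:
            print(f"  would lose auth event: {v}")
```

Running it against a real export of a day's syslog instead of `SAMPLE_LINES` shows the volume reduction and any authentication events the pattern would silently discard.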

Thank you David!
I will check with VMware if it is possible to filter the logs there already and if it is not, then I will open a case with R7 to drop the unnecessary logs there.

Best Regards,
Norman

Hi David,
Please, can you provide me with more information about this feature?

Thanks

Hi Dome,

If you reach out to support we can enable this feature. See our docs on it here: Filter your event source data | InsightIDR Documentation

David

1 Like