We collect the VMware vCenter & ESXi logs with InsightIDR. We have seen that we get too much “useless” data from VMware via syslog.
Is there a way to filter VMware logs and send only the necessary logs via syslog to the collector? And which logs, other than authentication logs, make sense for VMware?
I have not found any usable info on the web for that topic.
Hi @njennewein1, we actually have an event source filter feature which can be enabled on a per-Org basis. This event source filter accepts a regex to allow you to drop events that match a particular pattern, for a specific event source. This would allow you to not collect the noisy events you don’t need.
If you’d like to have this enabled please raise a support case and we will look after it.
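Added example, not part of the original posts and not Rapid7's code: a dry run of a candidate drop regex over sample events before it is submitted for the event source filter, checking that it removes the noise but never an authentication event. The sample lines, both patterns and the function name are constructed assumptions, and Python's `re` dialect and search semantics may differ from what the filter uses.

```python
import re

# Constructed sample syslog lines (illustrative, not captured from a real host).
SAMPLE_EVENTS = [
    "<166>2024-05-01T10:00:01Z esx01 Hostd: verbose hostd[2099] [Originator@6876 sub=PropertyProvider] RecordOp ASSIGN: info",
    "<166>2024-05-01T10:00:02Z esx01 Rhttpproxy: verbose rhttpproxy[2101] [Originator@6876 sub=Proxy Req 00412] Resolved endpoint",
    "<166>2024-05-01T10:00:03Z esx01 Vpxa: verbose vpxa[2110] [Originator@6876 sub=VpxaHalCnxHostagent] Received update",
    "<38>2024-05-01T10:00:04Z esx01 sshd[3312]: Accepted password for root from 10.0.0.5 port 50222 ssh2",
    "<35>2024-05-01T10:00:05Z esx01 sshd[3313]: error: PAM: Authentication failure for root from 10.0.0.9",
    "<166>2024-05-01T10:00:06Z esx01 Hostd: info hostd[2099] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 201 : User root@10.0.0.5 logged in as VMware-client",
]

# Candidate drop pattern (assumption): verbose-level daemon chatter only.
DROP_PATTERN = r"\b(?:Hostd|Vpxa|Rhttpproxy): verbose\b"
# Events that must never be dropped (assumption): authentication activity.
KEEP_PATTERN = r"Accepted password|Authentication failure|logged in|logged out"


def dry_run(events, drop_pattern, keep_pattern):
    """Split events into kept/dropped and flag dropped lines that should have been kept."""
    drop = re.compile(drop_pattern)
    keep = re.compile(keep_pattern)
    kept, dropped, conflicts = [], [], []
    for line in events:
        if drop.search(line):
            dropped.append(line)
            if keep.search(line):
                # The drop regex is too broad: it would discard a must-keep event.
                conflicts.append(line)
        else:
            kept.append(line)
    return kept, dropped, conflicts


if __name__ == "__main__":
    kept, dropped, conflicts = dry_run(SAMPLE_EVENTS, DROP_PATTERN, KEEP_PATTERN)
    print(f"kept={len(kept)} dropped={len(dropped)} conflicts={len(conflicts)}")
    for line in conflicts:
        print("WOULD LOSE:", line)
```

Run it against a real export of a day's events instead of `SAMPLE_EVENTS`; any line reported as a conflict means the pattern needs tightening before it goes into the support case.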
Thank you David!
I will check with VMware if it is possible to filter the logs there already, and if it is not, then I will open a case with R7 to drop the unnecessary logs there.