VMware Cloud Community
JanLen
Contributor

Syslog Collector - Security Logs

Hi,

I have installed a VMware vCenter server together with the syslog collector. It's collecting the logs from the hosts. However, we would like to see authentication logs as well in the log file.

Can someone explain how to do this? It seems that it doesn't collect the logs from the auth log file.

Thank you.

0 Kudos
5 Replies
VirtuallyMikeB

Good day,

Authentication attempts against your vCenter server will appear in your Windows Security logs, so configure your syslog collector to collect those. You're likely already collecting the vpxd.log file from each of your hosts, and you can also find login attempts there.

Of course, exactly "how" to collect these files depends on your syslog collector, but since you're already collecting some logs, I assume you know how to configure the actual collecting part.

Cheers,

Mike

http://VirtuallyMikeBrown.com

https://twitter.com/#!/VirtuallyMikeB

http://LinkedIn.com/in/michaelbbrown

0 Kudos
JanLen
Contributor

Hi,

We have some security requirements that are asked/required by the management.

  • We leave the shell disabled by default
  • We do not allow direct SSH access with the root user
  • Users log in with their AD or local account
  • Security logs are directly pushed to a syslog server or whatever.

We really need this "push security log" feature, because a user can modify log files. We do not want that.

In my lab I have installed vCenter + Syslog Connector and configured the ESXi host. It collects the logs, but only Vpxa and Hostd are in the log file. I would like to collect more if possible.

0 Kudos
JCV
Contributor

JanLen - any luck with this? I have a similar need.

0 Kudos
JanLen
Contributor

JCV, yes, we have got it working. Our configuration was fine, but we had to open the syslog port on the ESXi host manually. It's collecting everything; you can see what an engineer is doing, etc.

0 Kudos
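
A check that can be run on the collector side once forwarding works, to confirm that each host is sending more than Vpxa and Hostd. This is an added example, not part of the original thread; the line layout (timestamp, host, program tag), the host names and the set of tags treated as authentication sources are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed layout of a collected line: "<timestamp> <host> <tag>[pid]: <message>".
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Za-z0-9_.\-/]+)(?:\[\d+\])?:\s?(.*)$")

# Assumption: program tags that carry login and shell activity.
# Adjust to whatever your hosts actually emit.
AUTH_TAGS = {"sshd", "shell", "login", "auth"}

# Constructed sample data, not taken from a real host.
SAMPLE = """\
2013-05-14T09:12:01Z esx01.lab.example Hostd: [info] Task Created : haTask-ha-host
2013-05-14T09:12:02Z esx01.lab.example Vpxa: [info] Received callback
2013-05-14T09:12:07Z esx02.lab.example Hostd: [info] Accepted connection
2013-05-14T09:13:40Z esx02.lab.example sshd[34211]: Accepted password for jdoe from 192.0.2.10 port 50122 ssh2
2013-05-14T09:13:55Z esx02.lab.example shell[34230]: [jdoe]: esxcli network firewall ruleset list
this line is truncated garbage
"""

def tags_by_host(text):
    """Return ({host: {lowercased tag: count}}, number of unparsable lines)."""
    seen = defaultdict(lambda: defaultdict(int))
    bad = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            bad += 1  # count it, so a format mismatch is not mistaken for silence
            continue
        _, host, tag, _ = m.groups()
        seen[host][tag.lower()] += 1
    return {h: dict(t) for h, t in seen.items()}, bad

def hosts_without_auth(text, auth_tags=AUTH_TAGS):
    """Hosts that are forwarding something, but nothing from an auth source."""
    seen, _ = tags_by_host(text)
    return sorted(h for h, tags in seen.items() if auth_tags.isdisjoint(tags))

if __name__ == "__main__":
    seen, bad = tags_by_host(SAMPLE)
    for host in sorted(seen):
        print(host, sorted(seen[host]))
    print("no auth events from:", hosts_without_auth(SAMPLE), "| unparsable:", bad)
```

A host that appears in the second list is still in the state described earlier in the thread, where only Vpxa and Hostd reach the collector.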
xooops
Contributor

Hello

We have the same need.

best regards, Sven

0 Kudos