We have the LogRhythm product for consolidation and management of Windows logs, and I know that it can receive syslogs from ESX; however, I don't know how to filter the ESX syslogs once they are in LogRhythm.
Does anyone have any experience with this product? I really don't want to re-invent the wheel if someone already has an ESX-specific template.
Gene
Gene,
We are looking to do the same thing. Have you gotten any feedback on this?
Mike
Hello,
LogRhythm works great with the service console, as it is looked at as a Linux device. It should do the same for ESXi log files. There will be quite a bit of creation of rules for LogRhythm for vSphere if you want vSphere-specific log analysis... If you do this, perhaps you could post to the forum a document to cover this to help others?
Best regards,
Edward L. Haletky
Communities Moderator, VMware vExpert,
Author: VMware vSphere and Virtual Infrastructure Security, VMware ESX and ESXi in the Enterprise 2nd Edition
Podcast: The Virtualization Security Podcast Resources: The Virtualization Bookshelf