VMware Cloud Community
thomasbayer82
Contributor

Forward "administrative audit logs" to syslog

Hi guys,

I'm looking for a way to forward every change that is done to/within both ESXi and vCenter to a syslog receiver.

I tried forwarding syslogs by just adding the destination address, which works, but I get a ton of messages that I don't care about.

All I really care about are events like:

"admin X added 2 more vCPUs to VM Y"

"admin X disconnected host Y from datacenter Z"

"admin Z failed to log in to vCenter X from IP Y - cause: wrong password"

Just changing the severity level is not the solution in this case.

Has anybody figured out how to forward "administrative audit logs" to syslog?

Thanks!

(We are on version 6.5)

2 Replies
daphnissov
Immortal

Best way is to use vRealize Log Insight and configure the vSphere integration feature, which will automatically collect tasks, events, and more from vCenter and automatically configure all hosts to forward their logs as well. All this information should be captured in those logs.

thomasbayer82
Contributor

Log Insight sounds reasonable.

Just curious, is there a way to forward those logs/events without additional tools and cost?

(We have more than 25 hosts and a couple hundred VMs.)

Thanks!
