Hi,
Trying to help the SIEM team out by limiting the amount of logs being sent from the ESXi servers. We only really require security events to be sent to SIEM but I think there are two options here which may work:-
Any help would be greatly appreciated.
I think you first need to define what a security event is to you. Is it only login events, or does it include what's been done inside the ESXi console? Is it limited to ESXi only, or do the VMs also need login events, and what kind?
Hi,
I need to do the same, did you ever get it set up?