VMware Cloud Community
tkdreamer
Enthusiast
Enthusiast
‎06-20-2017 04:48 AM
Jump to solution

Syslog authentification

Hello

Does anyone know  how to get syslog authentification? For the vCenter? For ESXi? vSphere client, webclient and ssh included? I need only the failed logons. I'm trying to find the right file.

Thank you

0 Kudos
1 Solution

Accepted Solutions
tkdreamer
Enthusiast
Enthusiast
‎07-28-2017 12:59 AM
Jump to solution

Hi all

I found the solution (regarding vSphere 5.5)

For ESXi servers:

Go to "Security Profile" in the "Software" area of the "Configuration" tab, check the checkbox "Syslog". The options in the Firewall menu depends on the configuration you wish to have.

Once configured, you will be able to see when false credentials have been used to connect with vSphere Client/web Client or SSH.

For Horizon View, go to the "View Configuration" menu, click on "Event Configuration", in the "Syslog" area, click the "Add" button, enter the IP address of your syslog server and (only) the "UDP Port" number (no TCP option seems to be available) This is almost the same with vShield.

You may configure as you wish the options to receive the logs on you syslog server.

Hope this will help.

Gary

View solution in original post

0 Kudos
2 Replies
tkdreamer
Enthusiast
Enthusiast
‎06-20-2017 07:15 AM
Jump to solution

I forgot to say that the concerned version is "5.5".

0 Kudos
tkdreamer
Enthusiast
Enthusiast
‎07-28-2017 12:59 AM
Jump to solution

Hi all

I found the solution (regarding vSphere 5.5)

For ESXi servers:

Go to "Security Profile" in the "Software" area of the "Configuration" tab, check the checkbox "Syslog". The options in the Firewall menu depends on the configuration you wish to have.

Once configured, you will be able to see when false credentials have been used to connect with vSphere Client/web Client or SSH.

For Horizon View, go to the "View Configuration" menu, click on "Event Configuration", in the "Syslog" area, click the "Add" button, enter the IP address of your syslog server and (only) the "UDP Port" number (no TCP option seems to be available) This is almost the same with vShield.

You may configure as you wish the options to receive the logs on you syslog server.

Hope this will help.

Gary

0 Kudos