VMware VCenter

Prerequisites

Log in to the vCenter Server Appliance Management Interface as root.

Configuring VMware vCenter

To configure log forwarding to syslog follow these steps:

Procedure

1. In the vCenter Server Appliance Management Interface, select Syslog.
2. In the Forwarding Configuration section, click Configure to add remote syslog host.
3. In the Create Forwarding Configuration pane, enter the server address of the destination host. The maximum number of supported destination hosts is three. <Forwarder IP>
4. From the Protocol drop-down menu, select the protocol to use
5. In the Port text box, enter the port number (11724) to use for communication with the destination host
6. Click Save

Once the configuration is completed, need to validate the logs in chronicle using a regular expression as (".*") this expression or with specific hostname, will provide the log source types which are ingesting to chronicle, below is the screen shot for reference.