Configuring VMware ESXi logs
To configure log forwarding to syslog, follow these steps:
Step 1: Browse to the IP address in Chrome and log in to VMware ESXi.
Step 2: Go to Navigator Block > Click Manage
Step 3: Go to System > Click Advanced Settings
Step 4: Go to the search bar in Advanced Settings > Type Syslog and select Syslog.global.logHost.
Step 5: After selecting Syslog.global.logHost > Click the Edit option. A popup appears; enter the value and save it.
NOTE: The format for the new value is udp://<forwarder IP>:<port number> (i.e. 11660)
- Enable the firewall rule as shown in the screenshot below.
- Go to Networking -> Firewall Rule -> search for Syslog -> Go to action -> Then click Enable.
- Now check whether the logs are reporting to the forwarder or not and then check in Chronicle.
- Once it starts reporting, assign it to its respective groups.
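
The same settings can be applied from the ESXi shell with esxcli. The script below is an added example, not part of the original procedure: it checks that a single Syslog.global.logHost entry is well formed and prints the esxcli commands for review. The function names are hypothetical and 192.0.2.10 is a placeholder forwarder address.

```shell
#!/bin/sh
# Added example. Validates one Syslog.global.logHost entry and prints the
# esxcli equivalents of the UI steps. Nothing is executed on the host.

# Return 0 if $1 looks like udp|tcp|ssl://host[:port] with port 1-65535.
# Hostnames and IPv4 only; bracketed IPv6 and comma-separated lists are
# outside the scope of this check.
valid_loghost() {
    case "$1" in
        udp://*|tcp://*|ssl://*) ;;
        *) return 1 ;;
    esac
    rest=${1#*://}
    host=${rest%%:*}
    [ -n "$host" ] || return 1
    case "$host" in *[!A-Za-z0-9.-]*) return 1 ;; esac
    # No port given: ESXi falls back to the protocol default.
    if [ "$rest" = "$host" ]; then return 0; fi
    port=${rest#*:}
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Print the commands that set the log host, reload syslog, enable the
# outbound syslog firewall ruleset, and emit a marker line to look for
# on the forwarder.
esxi_syslog_commands() {
    valid_loghost "$1" || { echo "invalid logHost value: $1" >&2; return 1; }
    cat <<EOF
esxcli system syslog config set --loghost='$1'
esxcli system syslog reload
esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
esxcli network firewall refresh
esxcli system syslog config get
esxcli system syslog mark --message='syslog forwarding test'
EOF
}

# Usage: sh esxi-syslog.sh udp://192.0.2.10:11660   (placeholder address)
if [ "$#" -gt 0 ]; then
    esxi_syslog_commands "$1"
fi
```

The marker message written by the last command gives a known string to search for on the forwarder and then in Chronicle.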