ESXi

 View Only
  • 1.  Syslog Collector - Security Logs

    Posted Feb 23, 2012 10:41 AM

    Hi,

    I have installed a VMware vCenter server together with the syslog collector. It's collecting the logs from the hosts. However we would like to see authentication logs as well in the log file.

    Can someone explain how to do this but. It seems that it doesn't collect the logs van the auth log file.

    Thank you.



  • 2.  RE: Syslog Collector - Security Logs

    Posted Feb 24, 2012 08:22 AM

    Good day,

    Authentication attempts against your vCenter server will appear in your Windows Security logs, so configure your syslog collector to collect those.  You're likely already collecting the vpxd.log file from each of your hosts, and you can also find login attempts there.

    Of course, exactly "how" to collect these files depends on your syslog collector, but since you're already collecting some logs, I assume you know how to configure the actual collecting part.

    Cheers,

    Mike

    http://VirtuallyMikeBrown.com

    https://twitter.com/#!/VirtuallyMikeB

    http://LinkedIn.com/in/michaelbbrown



  • 3.  RE: Syslog Collector - Security Logs

    Posted Feb 24, 2012 10:22 AM

    Hi,

    We have some security requirements that are asked/required by the management.

    • We leave the shell disabled by default
    • We do not allow direct SSH access with the root user
    • Users log in with their AD or local account
    • Security logs are directly pushed to a syslog server or whatever.

    We really need this "push security log" feature, because a user can modify log files. We do not want that.

    In my lab I have installed vCenter + Syslog Connector, configured the ESXi host. It 's collects the logs but only Vpxa en Hostd are in the log file. I would like to collect more if possible.



  • 4.  RE: Syslog Collector - Security Logs

    Posted Apr 10, 2012 09:05 PM

    JenLen - - Any luck with this? I have similar need.



  • 5.  RE: Syslog Collector - Security Logs

    Posted Apr 11, 2012 06:00 AM

    JCV , yes we have got it working. Our configuration was fine but we had to open the syslog port on the ESXi host manually. It's collecting everything, you can see what at engineer is doing etc...



  • 6.  RE: Syslog Collector - Security Logs

    Posted Apr 25, 2012 01:57 PM

    Hello

    We have the same need.

    best regards, Sven