Up
Previous Next

Sheriff CSM™

VMware SSO

When you configure VMware vCenter SSO to send log data to Sheriff CSM, you can use the VMware SSO plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device	Details
Vendor	VMware
Device Type	Network access control
Connection Type	Syslog
Data Source Name	VMware-sso
Data Source ID	1894

Integrating VMware SSO

Before you configure the VMware vCenter SSO Server integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure VMware vCenter SSO Server to send log data to Sheriff CSM

1. Log in as administrator@your_domain_name to the vCenter Server instance in the vCenter Server CSM by using the vSphere Web Client.

2. On the vSphere Web Client Home page, click System Configuration.

3. Under System Configuration, click Nodes and select a node from the list.

4. Click the Related Objects tab.

   You see a list of services running in the node you selected.

5. Right-click on VMware Syslog Service and select Settings.

6. Click Edit.

7. From the Common Log Level drop-down menu, select *.

8. In the Remote Syslog Host text box, enter the Sheriff CSM Sensor IP address.

9. In the Remote Syslog Port text box, enter 514.

10. From the Remote Syslog Protocol drop-down menu, select UDP.

11. Click OK.

12. From the Actions menu, click Restart, so that the configuration changes are applied.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.vcsa.doc/GUID-9633A961-A5C3-4658-B099-B81E0512DC21.html

For troubleshooting, refer to the vendor documentation:

https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.troubleshooting.doc%2FGUID-595A448F-CF60-4139-A107-4D0477A193B5.html