Up
Previous Next

Sheriff CSMâ„¢

VMware vCenter

When you configure VMware vCenter to send log data to Sheriff CSM, you can use the VMware vCenter plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

DeviceDetails
Vendor VMware
Device Type Virtual machine management
Connection Type Syslog
Data Source Name vmware-vcenter
Data Source ID 1658

Integrating VMware vCenter

To configure VMware vCenter to send log data to Sheriff CSM

  1. Follow the VMware vSphere documentation to configure log forwarding in the vCenter Server CSM Management Interface.

    Note: The link above provides instructions for vCenter 6.7. Please search the vendor documentation if you are using a different version.

  2. Enter the IP address of the Sheriff CSM Sensor (Deputy) as the destination host.

  3. Select the Protocol and Port to use.

    Sheriff CSM listens for syslog at UDP or TCP port 514.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

For troubleshooting, refer to the vendor documentation:

https://www.vmware.com/support/vcenter-server.html

This topic: Sheriff > UserGuides > SheriffCSMDocumentation > DeploymentGuide > PluginManagement > ConfigureLogForwardingOnCommonlyUsedDataSources > VMwareVCenter
Topic revision: 01 Jul 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.