VMware Content Pack for ESXi Hypervisor and vCenter with Dashboard and Extractors for 7.x, 6.7, 6.5, 6.0, and 5.5

Published

26 Jun 08:22

Last Push

15 Sep 15:07

Marketplace Rating

No rating yet

Discussion

7 Comments

Readme from Github

glog vmware content pack and extractors for graylog confirmed tested on graylog 3.x

Provides Graylog Dashboards for all Hypervisors, Storage performance, DVS Messages, Vmware version, Storage path failures, Host/Device Performance issues, Memory/CPU alerts, Last list of vmotions, MAC to DVS, VMware port group to hypervisor, Last login failures, Last successful logins, Last 2 hours guests attempting network sniffing, TOP LDAP users, and Vmware virtual machines recent changes by users all in a simple to use Dashboard competely customizable! To get the best benefit make sure your graylog instance is configured for syslog UDP, and make sure to use distributed switching within vmware! Have fun!

Download content_pack.json and install it under System/Input Content Packs
Download vmware_vcenter_extractors and import it under the System/Inputs/Manage extractors
It is recommended to apply a dedicated bucket ports/syslog input for vmware to structure your data!
Make sure you point your syslog for both hypervisors and vcenters, start receiving your data. View the Vmware Dashboard.
Wait for your data to start coming in.

Tune your esxi syslog configuration via ssh

sed -i 's/verbose/error/g' /etc/vmware/vpxa/vpxa.cfg

sed -i 's/verbose/error/g' /etc/vmware/hostd/config.xml

sed -i 's/verbose/error/g' /etc/vmware/rhttpproxy/config.xml

sed -i 's/verbose/error/g' /etc/opt/vmware/fdm/fdm.cfg

sed -i 's/info/error/g' /etc/vmware/hostd/probe-config.xml

esxcli system syslog config set --loghost='udp://update_syslog_ip_or_hostname:514'

esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true

esxcli network firewall refresh

/etc/init.d/vmware-fdm restart

/etc/init.d/rhttpproxy restart

/etc/init.d/hostd restart

/etc/init.d/vpxa restart

esxcli system syslog reload

TODO list migrate extractors to reg expression

Your Rating

Please sign in to rate this add-on.

Comments

dcecchino 28 days ago

@wdsoflo1 DVS and MAC pipelines rules are future use for feeding vmotion ports and mac addresses into the dashboard, however I already have a dashboard for that right now that should be operational. You can also use look up tables to create vmware datacenter names or assign fields that relate hypervisor to vcenters. Lots of cool stuff with graylog you can do. Alerting also very good too now!

Geo-Ron about 1 month ago

This content pack is terrific!
Only thing I have is that it kicks my machine to 100% cpu in the processing buffer when I target al my 16 hosts to the input. Need to sort that out..

wdsoflo1 about 1 month ago

Thank you @dcecchino for sharing this.
I was able to get this working by doing a syslog TCP input instead of UDP and by using port 1514 since ESXi 6 already has this port open. I see you have a pipeline called Vmware Network DVS and MAC but not rules are applied to it. What is this pipeline suppose do do?

kblack71 2 months ago

@zaheerabbas1988 Just Stumbled opon this. If your input does not recieve any messages, this is your problem: esxcli system syslog config set --loghost='udp://update_syslog_ip_or_hostname:514'. Graylog does not listen to the system reserved port 514. ESXi does not send to a high port.. You need to forward on the recieving side from 514 to "what ever highport" your input uses.

zaheerabbas1988 3 months ago

@Hucktx105 did you manage to solve this isssue?

dcecchino 12 months ago

Apologies, I just now saw this comment. Make sure you apply the extractors to the TCP input, there could be some there dependency that you are missing. Perhaps by now you have corrected it, if not hope you get it working!

Hucktx105 about 1 year ago

Installed the content pact and extractors. Created a Syslog TCP input and data is being collected but Dashboard is blank. Do i have the correct input for the content pact? My Vmware is 6.7 update 3

Please sign in to comment.

Back to listing