Back to listing

VMware Content Pack for ESXi Hypervisor and vCenter with Dashboard and Extractors for 7.x, 6.7, 6.5, 6.0, and 5.5

Other Solutions

VMware Content Packs and Extractors - including Memory/CPU/Storage /LDAP Login/Bad Login/Security Events Network snooping, and much more! Tested on Graylog 3.x



26 Jun 08:22

Last Push

03 Aug 10:41

Marketplace Rating



Your Rating

Please sign in to rate this add-on.


balakumarc about 1 month ago

Hi All,
I have a graylog opensource server , I want to receive logs from ESXi hosts and Vcenter, I tried to install vmware content pack- content_pack.json but got below error, Please suggest here,
Installing content pack failed with status: Error: cannot POST (500).
Could not install Content Pack with ID: 050458fa-856a-40b2-b194-2bed30858573

My Graylog version - 3.3.9
Thanks in advance ...

dcecchino 9 months ago

There was an issue with a line on the extractor and has been updated, thanks to all that identified the issue.

markusg80 10 months ago

@cgendrew i have the same issue. Dont know why this happens?! My Graylog is 4.0.0 without enterprise plugins

cgendrew 10 months ago

Hello, graylog neophyte here. How do you propertly install the extractors? Under SYSTEM/INPUT > manage extractors > Actions/Import Extractors ; i copy vmware_vcenter_extractors to Extractors JSON field and get error: "Could not import extractors. There was an error while parsing extractors. Are they in JSON format? SyntaxError: Unexpected token ] in JSON at position 149998."

dcecchino 12 months ago

@wdsoflo1 DVS and MAC pipelines rules are future use for feeding vmotion ports and mac addresses into the dashboard, however I already have a dashboard for that right now that should be operational. You can also use look up tables to create vmware datacenter names or assign fields that relate hypervisor to vcenters. Lots of cool stuff with graylog you can do. Alerting also very good too now!

Geo-Ron about 1 year ago

This content pack is terrific!
Only thing I have is that it kicks my machine to 100% cpu in the processing buffer when I target al my 16 hosts to the input. Need to sort that out..

wdsoflo1 about 1 year ago

Thank you @dcecchino for sharing this.
I was able to get this working by doing a syslog TCP input instead of UDP and by using port 1514 since ESXi 6 already has this port open. I see you have a pipeline called Vmware Network DVS and MAC but not rules are applied to it. What is this pipeline suppose do do?

kblack71 about 1 year ago

@zaheerabbas1988 Just Stumbled opon this. If your input does not recieve any messages, this is your problem: esxcli system syslog config set --loghost='udp://update_syslog_ip_or_hostname:514'. Graylog does not listen to the system reserved port 514. ESXi does not send to a high port.. You need to forward on the recieving side from 514 to "what ever highport" your input uses.

zaheerabbas1988 about 1 year ago

@Hucktx105 did you manage to solve this isssue?

dcecchino almost 2 years ago

Apologies, I just now saw this comment. Make sure you apply the extractors to the TCP input, there could be some there dependency that you are missing. Perhaps by now you have corrected it, if not hope you get it working!

Hucktx105 almost 2 years ago

Installed the content pact and extractors. Created a Syslog TCP input and data is being collected but Dashboard is blank. Do i have the correct input for the content pact? My Vmware is 6.7 update 3

Please sign in to comment.

Back to listing