Back to listing

VMware Content Pack for ESXi Hypervisor and vCenter with Dashboard and Extractors for 7.x, 6.7, 6.5, 6.0, and 5.5

Other Solutions

VMware Content Packs and Extractors - including Memory/CPU/Storage /LDAP Login/Bad Login/Security Events Network snooping, and much more! Tested on Graylog 3.x



26 Jun 08:22

Last Push

15 Mar 08:23

Marketplace Rating

No rating yet



Your Rating

Please sign in to rate this add-on.


dcecchino 4 months ago

There was an issue with a line on the extractor and has been updated, thanks to all that identified the issue.

markusg80 4 months ago

@cgendrew i have the same issue. Dont know why this happens?! My Graylog is 4.0.0 without enterprise plugins

cgendrew 4 months ago

Hello, graylog neophyte here. How do you propertly install the extractors? Under SYSTEM/INPUT > manage extractors > Actions/Import Extractors ; i copy vmware_vcenter_extractors to Extractors JSON field and get error: "Could not import extractors. There was an error while parsing extractors. Are they in JSON format? SyntaxError: Unexpected token ] in JSON at position 149998."

dcecchino 7 months ago

@wdsoflo1 DVS and MAC pipelines rules are future use for feeding vmotion ports and mac addresses into the dashboard, however I already have a dashboard for that right now that should be operational. You can also use look up tables to create vmware datacenter names or assign fields that relate hypervisor to vcenters. Lots of cool stuff with graylog you can do. Alerting also very good too now!

Geo-Ron 7 months ago

This content pack is terrific!
Only thing I have is that it kicks my machine to 100% cpu in the processing buffer when I target al my 16 hosts to the input. Need to sort that out..

wdsoflo1 7 months ago

Thank you @dcecchino for sharing this.
I was able to get this working by doing a syslog TCP input instead of UDP and by using port 1514 since ESXi 6 already has this port open. I see you have a pipeline called Vmware Network DVS and MAC but not rules are applied to it. What is this pipeline suppose do do?

kblack71 8 months ago

@zaheerabbas1988 Just Stumbled opon this. If your input does not recieve any messages, this is your problem: esxcli system syslog config set --loghost='udp://update_syslog_ip_or_hostname:514'. Graylog does not listen to the system reserved port 514. ESXi does not send to a high port.. You need to forward on the recieving side from 514 to "what ever highport" your input uses.

zaheerabbas1988 9 months ago

@Hucktx105 did you manage to solve this isssue?

dcecchino over 1 year ago

Apologies, I just now saw this comment. Make sure you apply the extractors to the TCP input, there could be some there dependency that you are missing. Perhaps by now you have corrected it, if not hope you get it working!

Hucktx105 over 1 year ago

Installed the content pact and extractors. Created a Syslog TCP input and data is being collected but Dashboard is blank. Do i have the correct input for the content pact? My Vmware is 6.7 update 3

Please sign in to comment.

Back to listing