feeeds
Level 9
Message 1 of 3

VMware ESX 5 logs

Does anyone have any experience in pushing ESX5 logs into the ESM? I can get ESX4.1 logs to send via syslog without issue. I have set up ESX 5 the same way, but so far nothing is received.

2 Replies
McAfee Employee siemchris
Message 2 of 3

Re: VMware ESX 5 logs

Hi Feeds

If you are having an issue with getting ESX to send syslogs, there is some information at sites like this:

http://rainbow.chard.org/2012/04/04/esxi-5-0-remote-syslog/

Have you used tcpdump and verified that ESX is sending the syslog events? If it is then can you put a tcpdump on the receiver for that IP and port and see if you are getting traffic? If you are not getting it at the receiver interfaces then there is a networking problem.


If you are seeing the data at the interface, make sure you have configured the datasource with the correct IP and syslog port information and that has been written to the receiver. Then using Data Source Model VMware (ASP) set Support Generic Syslogs to Log "unknown syslog" event. Make sure you write out the datasource, rollout policy and then you *should* see events.

Let me know if this helps,


Chris
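
The receiver-side check described in the reply above, as an added example that is not part of the original post or of McAfee's tooling: a small Python listener for a test host standing in for the receiver, which tallies syslog datagrams by source so that "nothing arrives" can be told apart from "arrives but is not syslog". It assumes UDP syslog on port 514; the address 192.0.2.10 is a placeholder for the ESX host.

```python
import socket
import time
from collections import Counter

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(datagram):
    """Return (facility, severity, message), or None if there is no valid <PRI> prefix."""
    end = datagram.find(b">", 1, 5)  # PRI is 1-3 digits after '<'
    if not datagram.startswith(b"<") or end == -1 or not datagram[1:end].isdigit():
        return None
    pri = int(datagram[1:end])
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    return pri // 8, SEVERITIES[pri % 8], datagram[end + 1:].decode("utf-8", "replace")

def summarize(packets, expected_src):
    """Tally (source_ip, datagram) pairs; only the expected sender's payloads are parsed."""
    per_source, severities, malformed = Counter(), Counter(), 0
    for src, data in packets:
        per_source[src] += 1
        if src != expected_src:
            continue
        parsed = parse_pri(data)
        if parsed is None:
            malformed += 1
        else:
            severities[parsed[1]] += 1
    return {"from_expected": per_source[expected_src],
            "other_sources": sorted(s for s in per_source if s != expected_src),
            "malformed": malformed, "severities": dict(severities)}

def capture(bind_ip, port, seconds):
    """Collect UDP datagrams arriving on bind_ip:port for up to `seconds` seconds."""
    packets = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        deadline = time.monotonic() + seconds
        while (left := deadline - time.monotonic()) > 0:
            sock.settimeout(left)
            try:
                data, (src, _port) = sock.recvfrom(8192)
            except socket.timeout:
                break
            packets.append((src, data))
    return packets

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder for the ESX host; binding port 514 needs root.
    print(summarize(capture("0.0.0.0", 514, 30), expected_src="192.0.2.10"))
```

A `from_expected` count of zero while the host is configured to send points at the network path or the ESX firewall rather than at the ESM data source settings.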

feeeds
Level 9
Message 3 of 3

Re: VMware ESX 5 logs

Thanks for the url. I have sent it over to the vm admins and will update on if/when we can get it to work. I hope all that I was missing was the firewall piece.
