Log Collection VMware: The Basics

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1Show Document
  • View in full screen mode
 

This guide tells you how to configure VMware collection protocol which collects events from a VMware virtual infrastructure.

Deployment Scenario

The following figure illustrates how you deploy the VMware Collection Protocol in Security Analytics.

VMware_Deployment.png

Configure VMware Collection Protocol in Security Analytics

You configure the Log Collector to use VMware collection for an event source in the event Source tab of the Log Collector parameter view. The following procedure explains the basic workflow for configuring an event source for VMware Collection in Security Analytics.  Please refer to:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collection service.
  3. Click AdvcdExpandBtn.PNG under Actions and select View > Config.
    The Log Collector Config view is displayed.
  4. Click the Event Sources tab.
  5. Select VMware as the collection protocol, and select Config.
  6. Click Icon-Add.png and select the event source category name (for example, vmware-events). The event source category is part of the content you downloaded from LIVE.
  7. Select a category and click Icon-Add.png in the Sources panel toolbar.
  8. Specify the basic parameters required for the VMware event source.
  9. Click AdvcdExpandBtn.PNG and specify additional parameters that enhance how the VMware protocol handles event collection for the event source.

Configure Event Sources to Use VMware Collection Protocol

You need to configure each event source that uses the VMware Collection protocol to communicate with Security Analytics (see Step 2: Configure VMware Event Sources to Send Events to Security Analytics).

You are here: VMware Collection Configuration Guide > lcvmBasics

Attachments

    Outcomes