This guide tells you how to configure VMware collection protocol which collects events from a VMware virtual infrastructure.
The following figure illustrates how you deploy the VMware Collection Protocol in Security Analytics.
Configure VMware Collection Protocol in Security Analytics
You configure the Log Collector to use VMware collection for an event source in the event Source tab of the Log Collector parameter view. The following procedure explains the basic workflow for configuring an event source for VMware Collection in Security Analytics. Please refer to:
- Step 1. Configure VMware Event Sources in Security Analytics for step-by-step instructions on how to configure event sources in Security Analytics that use the VMware Collection protocol.
- References - VMware Event Source Configuration Parameters for a detailed description of each VMware Collection Protocol parameter.
- In the Security Analytics menu, select Administration > Services.
- In the Services grid, select a Log Collection service.
- Click under Actions and select View > Config.
The Log Collector Config view is displayed.
- Click the Event Sources tab.
- Select VMware as the collection protocol, and select Config.
- Click and select the event source category name (for example, vmware-events). The event source category is part of the content you downloaded from LIVE.
- Select a category and click in the Sources panel toolbar.
- Specify the basic parameters required for the VMware event source.
- Click and specify additional parameters that enhance how the VMware protocol handles event collection for the event source.
Configure Event Sources to Use VMware Collection Protocol
You need to configure each event source that uses the VMware Collection protocol to communicate with Security Analytics (see Step 2. Configure VMware Event Sources to Send Events to Security Analytics).