VMware VCenter
The VMware vCenter DSM for JSA collects vCenter server events by using the VMware protocol.
The EMC VMware protocol uses HTTPS to poll for vCenter appliances for events. You must configure a log source in JSA to collect VMware vCenter events.
Before you configure your log source to use the VMware protocol, it is suggested that you create a unique user to poll for events. This user can be created as a member of the root or administrative group, but you must provide the user with an assigned role of read-only permission. This ensures that JSA can collect the maximum number of events and retain a level of security for your virtual servers. For more information about user roles, see your VMware documentation.
EMC VMware Log Source Parameters for VMware vCenter
Add a VMware vCenter log source on the JSA Console by using the EMC VMware protocol.
When using the EMC VMware protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect EMC VMware events from VMware vCenter:
Parameter |
Description |
---|---|
Log Source type |
VMware vCenter |
Protocol Configuration |
EMC VMware |
Log Source Identifier |
Type the IP address or host name for the log source. This value must match the value that is configured in the ESX IP field. |
VMware IP |
Type the IP address of the VMware ESXi server. The EMC VMware protocol appends the IP address of your VMware ESXi server with HTTPS before the protocol requests event data. |
User Name |
Type the user name that is required to access the VMware vCenter server. |
Password |
Type the password that is required to access the VMware vCenter server. |
VMware vCenter Sample Event Message
Use this sample event message to verify a successful integration with JSA.
Due to formatting issues, paste the message format into a text editor and then remove any carriage returns or line feed characters.
VMware vCenter sample message when you use the Syslog protocol
Sample 1: The following sample event message shows that a user is granted access to the specified resource.
<142>Apr 14 08:33:05 vmware.vcenter.test - UserId : aaaaaa-111-111-1111-aaaaqqqqqq, UserName : admin, AuthSource : LOCAL, Session : aaaaaa-111-111-1111-aaaaqqqqqq:: 952f4613-9416-4769-9ba4-7ec5ce73ab85, Category : ACCESS_GRANTED - Access to \"metadata.resourceKind.get\" is granted
JSA field name |
Highlighted values in the event payload |
---|---|
Event ID |
ACCESS_GRANTED |
Username |
admin |
Sample 2: The following sample event message shows a user login session event.
<14>1 2020-10-07T13:00:44.136034+02:00 vmware.vcenter.test vpxd 4188 - - Event [420537] [1-1] [2020-10-07T11:00:44.13551Z] [vim.event.UserLoginSessionEvent] [info] [TEST1.TEST\\vpxd-ext] [] [420537] [User TEST1.TEST\\vpxd-ext logged in as VMware vim-java 1.0]
JSA field name |
Highlighted values in the event payload |
---|---|
Event ID |
UserLoginSessionEvent |
Username |
TEST1.TEST\\vpxd-ext |