VMware vCloud Director

You can use the VMware vCloud Director DSM and the vCloud protocol for JSA to poll the vCloud REST API for events.

JSA supports polling for VMware vCloud Director events from vCloud Director 5.1 appliances. Events that are collected by using the vCloud REST API are assembled as Log Extended Event Format (LEEF) events.

To integrate vCloud events with JSA, you must complete the following tasks:

  1. On your vCloud appliance, configure a public address for the vCloud REST API.

  2. On your JSA appliance, configure a log source to poll for vCloud events.

  3. Ensure that no firewall rules block communication between your vCloud appliance and the JSA console or the managed host that is responsible for polling the vCloud REST API.

Configuring the vCloud REST API Public Address

JSA collects security data from the vCloud API by polling the REST API of the vCloud appliance for events. Before JSA can collect any data, you must configure the public REST API base URL.

  1. Log in to your vCloud appliance as an administrator.

  2. Click the Administration tab.

  3. From the Administration menu, select System Settings > Public Addresses.

  4. In the VCD public REST API base URL field, type an IP address or host name.

    The address that you specify becomes a publicly available address outside of the firewall or NAT on your vCloud appliance. For example, https://10.1.1.1/.

  5. Click Apply.

    The public API URL is created on the vCloud appliance.

You can now configure a log source in JSA.
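A preflight check for the firewall requirement and the public REST API base URL described above, as an added example that is not part of the original documentation or of JSA. Run it from the JSA console or managed host that polls; the function names and result labels are assumptions of this example.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

def parse_base_url(url):
    """Return (host, port) for a public REST API base URL, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("base URL must use https, as in https://10.1.1.1/")
    if not parts.hostname:
        raise ValueError("base URL has no host name or IP address")
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the base URL")
    return parts.hostname, parts.port or 443   # 443 is the https default

def probe(host, port, timeout=5.0, context=None):
    """Classify reachability of host:port as seen from the polling host."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns-error"      # host name does not resolve on this host
    except socket.timeout:
        return "blocked"        # packets silently dropped, typical of a firewall rule
    except ConnectionRefusedError:
        return "refused"        # host reachable, nothing listening on the port
    except OSError:
        return "unreachable"    # no route, network down, and similar
    with sock:
        ctx = context or ssl.create_default_context()  # verifies chain and host name
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
        except (ssl.SSLError, OSError):
            # Handshake failed: untrusted or mismatched certificate,
            # or the listener does not speak TLS at all.
            return "tls-error"

if __name__ == "__main__":
    # Usage (hypothetical file name): python3 vcloud_preflight.py https://10.1.1.1/
    host, port = parse_base_url(sys.argv[1])
    result = probe(host, port)
    print(f"{host}:{port} -> {result}")
    sys.exit(0 if result == "ok" else 1)
```

A `blocked` result points at the firewall rules between the two appliances, while `tls-error` means the port is open but the certificate presented at the public address is not trusted by the polling host.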

Supported VMware vCloud Director Event Types Logged by JSA

The VMware vCloud Director DSM for JSA can collect events from several categories.

Each event category contains low-level events that describe the action that is taken within the event category. For example, user events can have user created or user deleted as a low-level event.

The following list shows the default event categories that JSA collects from vCloud Director:

  • User events

  • Group events

  • User role events

  • Session events

  • Organization events

  • Network events

  • Catalog events

  • Virtual data center (VDC) events

  • Virtual application (vApp) events

  • Virtual machine (VM) events

  • Media events

  • Task operation events

VMware vCloud Director Log Source Parameters for VMware vCloud Director

If JSA does not automatically detect the log source, add a VMware vCloud Director log source on the JSA Console by using the VMware vCloud Director protocol.

When using the VMware vCloud Director protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect VMware vCloud Director events from VMware vCloud Director:

Table 1: VMware vCloud Director Log Source Parameters for the VMware vCloud Director DSM

| Parameter | Description |
|---|---|
| Log Source Name (Optional) | A unique name for your log source. |
| Log Source Description (Optional) | A description for your log source. |
| Log Source Type | VMware vCloud Director |
| Protocol Configuration | VMware vCloud Director |
| Enabled | Select this checkbox to enable the log source. By default, the checkbox is selected. |
| Credibility | From the list, select the credibility of the log source. The range is 0 - 10. The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases if multiple sources report the same event. The default is 5. |
| Target Event Collector | From the list, select the Target Event Collector to use as the target for the log source. |
| Coalescing Events | Select this checkbox to enable the log source to coalesce (bundle) events. By default, automatically discovered log sources inherit the value of the Coalescing Events list from the System Settings in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source. |
| Incoming Event Payload | From the list, select the incoming payload encoder for parsing and storing the logs. |
| Store Event Payload | Select this checkbox to enable the log source to store event payload information. By default, automatically discovered log sources inherit the value of the Store Event Payload list from the System Settings in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source. |