Skip to main content

VMware ESXi

Modeling Rules for the VMware ESXi logs collector

VMware ESXi

This pack includes Cortex XSIAM content.

  • Pay attention: Timestamp parsing is available for UTC timezone in the following formats:
    • %Y-%m-%dT%H:%M:%SZ - UTC +00:00 format.
    • %Y-%m-%dT%H:%M:%E3SZ - UTC +00:00 format with 3 digits of fractional precision.

Broker VM

You will need to use the information described here.\
You can configure the specific vendor and product for this instance.

  1. Navigate to Settings -> Configuration -> Data Broker -> Broker VMs.
  2. Right-click, and select Syslog Collector -> Configure.
  3. When configuring the Syslog Collector, set:
    • vendor as vendor<- VMware
    • product as product<- Esxi

PUBLISHER

PLATFORMS

Cortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJune 14, 2022
Last ReleaseNovember 20, 2024
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.