how to configure vmware esxi host to send logs to ibm qradar

Question

I have qradar setup on one host and vmware vsphere cloud setup on another host. My Vsphere cloud setup has one esxi host I want to send logs from of this esxi host to my qradar. How to do it.Please help.

score 0 · Answer 1 · answered Jun 29 '20 at 11:23

Go to vSphere Web Client
Click on Esxi host that you want to send logs to qradar
Go to Configure -> Advance System Setting
Click edit and filter keyword 'Syslog.global.logHost'
put value as 'udp://:514' in 'Syslog.global.logHost' field.Click OK.
Go to Configure -> Firewall
Click edit and filter keyword 'syslog'
Checked the syslog check box.Click OK.

score 0 · Answer 2 · edited Dec 24 '20 at 10:04

0

I want to add information on point 8, the firewall menu can be accessed via the network tab to restrict access through the firewall

edited Dec 24 '20 at 10:04

Zubair

915
2
9
28

answered Dec 24 '20 at 04:45

yamin

1

how to configure vmware esxi host to send logs to ibm qradar

2 Answers2