Forward vCenter Server Appliance Log Files to Remote Syslog Server

A few days ago I was required to obtain some audit logs from our SIEM system (Sumologic) and from vCenter, and I noticed that our vCenter logs weren’t going into Sumologic and that the log files required for SSO auditing or the VPXD log (which, among other things, stipulates which client was used by whom to connect) were rotating every 7 days. This was not good. So I decided what better time than now to forward vCenter syslogs to Sumologic.

It was a little more complex than just enabling syslog through appliance management because, by default, this does not collect the SSO logs, such as:

  • /var/log/vmware/sso/ssoAdminServer.log – Auditing SSO logins
  • /var/log/vmware/sso/vmware-identity-sts.log – Auditing SSO user changes

I found this out by scouring the internet and piecing little pieces together, eventually creating a rock-solid syslog source for our vCenter Servers.

Please note: This is not an officially supported configuration by VMware, and for larger environments this could potentially have an impact on the vCenter Server service, so please be cautious about which logs you decide to forward. And as always, test this in a lab first.

I also want to mention that this needs to be done on each VCSA instance, i.e. if you have a vCenter with an External PSC, this would need to be done on both servers, in order to collect all the logs.

So, let's begin:


How to Monitor DHCP Addresses with IPSentry

Recently, I took part in a maintenance weekend at the office. Post-maintenance, our IPSentry dashboard (we use IPSentry for some of our monitoring) reported a couple of errors, which were fixed.

Come Monday morning, a colleague of mine noticed that certain systems were down, which he brought up. I did some further investigation and noticed one of our DHCP pools was running out of leases. I wanted to see if IPSentry could monitor DHCP addresses, and as it turns out, it can.

It took me a while to figure this out, but now that I know it, I’ll add it here for the world to share.

As mentioned before, in order to monitor DHCP leases, you would need to make use of the SNMP Addin for IPSentry.

So here are the prerequisites:


Using Lansweeper to find computers that do not have a specific Windows update installed

So, today I was asked, “How do I use product ‘X’ to pull a report to list all systems that do not have a specific hotfix installed?”

I will not be listing product “X” as:

  1. It cannot do what was asked
  2. I don’t want to bad-mouth the software as, for what its actual purpose is, it does the job damn well.

So, below is a report (you can implement this via the “Report Builder” in Lansweeper).
