VMware ESX
What is Discovered and Monitored
|
Protocol |
Information discovered |
Metrics collected |
Used for |
|---|---|---|---|
|
VMWare SDK |
ESX Server and the Guest hosts running on that server. ESX host clusters. Hardware (CPU, Memory, Disk, network Interface) for all guests, OS vendor and version for all guests. Virtual switch for connecting guest hosts to network interfaces. |
Both ESX level and guest host level performance metrics. Guest host level metrics include CPU/memory/disk utilization, CPU Run/Ready/Limited percent, memory swap in/out rate, free memory state, disk read/write rate/latency, network interface utilization, errors, bytes in/out. ESX level metrics include physical CPU utilization, ESX kernel disk read/writre latency etc |
Performance Monitoring |
|
VMWare SDK |
ESX logs include scenarios like ESX level login sucess/failure, configuration change, Guest host movement, account creation and modification |
Availability, Change and Security Monitoring |
Configuration
FortiSIEM discovers and monitors VMware ESX servers and guests over the the VMware SDK. Make sure that VMware Tools is installed on all the guests in your ESX deployment, and FortiSIEM will be able to obtain their IP addresses.
Settings for Access Credentials
User with System View Credentials
Make sure to provide a user with System View permissions who can access the entire vCenter hierarchy when setting up the access credentials for your VMware ESX device. See the VMware documentation on how to se tup a user with System View permissions.
Settings for VMware ESX VMSDK Access Credentials
Set these Access Method Definition values to allow FortiSIEM to communicate with your device.
| Setting | Value |
|---|---|
| Name | <set name> |
| Device Type | VMware ESX Server |
| Access Protocol | VM SDK |
| User Name | A user with System View permissions |
| Password | The password associated with the user |