VMware vCenter Server 5.5–7.0: source configuration

For vCenter Server for Windows versions 5.5–6.5, only event collection via the vSphere API is supported. For vCenter Server Appliance versions 6.0–7.0, both event collection via the vSphere API and syslog event collection are supported; configuring either option is sufficient.

Configuring event collection via the vSphere API

If a firewall is used, you must configure the rules allowing external connections to the TCP/IP ports being used. By default, TCP port 443 is used to access VMware vCenter Server.

To collect events from vCenter Server for Windows versions 5.5–6.5 via the vSphere API, you must do the following on the source:

  1. Use the OS tools to create a local OS user account for MP 10 Collector access.
    You must enter the credentials of this account when adding a credential to MaxPatrol SIEM.
  2. Add the account to the "Access this computer from the network" local (group) security policy.
  3. Add the account to the list of the VMware vCenter server users.

To collect events from vCenter Server Appliance 6.7 and 7.0 via the vSphere API, you must do the following on the source:

  1. Create a user account for the vCenter Server Appliance.
    You must enter the credentials of this account when adding a credential to MaxPatrol SIEM.
  2. Add the account to the list of the VMware vCenter server users.

Configuring collection of syslog events from the vCenter Server Appliance

If the corporate IT infrastructure uses a firewall or other means of network traffic control, you must configure rules allowing traffic from the source host to the MP 10 Collector host on UDP port 514 or TCP port 1468 (depending on the protocol used).

To collect syslog events on the source, you must configure sending of events to an external syslog server (the MP 10 Collector host).
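
To check that the firewall rule and the syslog input work end to end, a test event with a unique marker can be sent toward the MP 10 Collector host from a host on the same side of the firewall as the source, and the marker then searched for in the SIEM. The Python script below is an added example, not part of the product documentation; the function names, the fwcheck tag, the marker format and the newline framing on TCP are assumptions.

```python
import socket
import sys
import time
import uuid

# Ports this page names for syslog toward the MP 10 Collector host.
PORTS = {"udp": 514, "tcp": 1468}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def build_message(marker, facility=1, severity=6, host=None, tag="fwcheck"):
    """Return an RFC 3164-style line: <PRI>Mmm dd hh:mm:ss HOST TAG: text."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity  # user.info -> 14
    t = time.localtime()
    clock = time.strftime("%H:%M:%S", t)
    # RFC 3164 pads the day of month with a space, not a zero.
    stamp = f"{MONTHS[t.tm_mon - 1]} {t.tm_mday:2d} {clock}"
    host = host or socket.gethostname()
    return f"<{pri}>{stamp} {host} {tag}: syslog path test marker={marker}"


def send_test(collector, proto="udp", port=None, marker=None, timeout=5.0):
    """Send one test event and return the marker to search for in the SIEM."""
    proto = proto.lower()
    if proto not in PORTS:
        raise ValueError("proto must be 'udp' or 'tcp'")
    port = port or PORTS[proto]
    marker = marker or uuid.uuid4().hex  # constructed, unique per run
    data = build_message(marker).encode("ascii", "replace")
    if proto == "udp":
        # UDP gives no delivery feedback: a clean return only means the
        # datagram left this host. Arrival is confirmed on the collector side.
        family, _, _, _, addr = socket.getaddrinfo(
            collector, port, type=socket.SOCK_DGRAM)[0]
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.sendto(data, addr)
    else:
        # Assumption: the TCP input takes newline-delimited messages.
        # A blocked port surfaces here as a timeout or ConnectionRefusedError.
        with socket.create_connection((collector, port), timeout=timeout) as s:
            s.sendall(data + b"\n")
    return marker


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python3 syslog_path_check.py <collector-host> [udp|tcp]
    proto = sys.argv[2] if len(sys.argv) > 2 else "udp"
    print("marker to search for:", send_test(sys.argv[1], proto))
```

If the marker does not appear on the collector after a UDP send, check the firewall rule direction and the collector's syslog input before changing the source configuration.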
