https://community.splunk.com/t5/Security/Security-logs-from-VMware/m-p/58639#M1955 <P>Splunk is working on a new VMware app which may or may not take that into account (I have no knowledge of what is in the app other than it is a work in progress.) </P> <P>If you have a good programmer arond, they can write a program to follow the logs in the API and output them to Splunk. See the book <A href="http://www.amazon.com/VMware-VI-vSphere-SDK-Infrastructure/dp/0137153635/ref=sr_1_1?ie=UTF8&amp;qid=1313507088&amp;sr=8-1">VMware VI and vSphere SDK</A> from Steve Jin for reference. Steve's blog, <A href="http://www.doublecloud.org/">doublecloud.org</A>, provides some information that may help also.</P> <P>Jim</P> Tue, 16 Aug 2011 15:07:40 GMT jimodonald 2011-08-16T15:07:40Z https://community.splunk.com/t5/Security/Security-logs-from-VMware/m-p/58638#M1954 <P>What is best practice to get VMware security logs into Splunk. They will not be send with Syslog but are only accessable from the console.</P> Tue, 16 Aug 2011 13:13:50 GMT https://community.splunk.com/t5/Security/Security-logs-from-VMware/m-p/58638#M1954 rschutt 2011-08-16T13:13:50Z https://community.splunk.com/t5/Security/Security-logs-from-VMware/m-p/58639#M1955 <P>Splunk is working on a new VMware app which may or may not take that into account (I have no knowledge of what is in the app other than it is a work in progress.) </P> <P>If you have a good programmer arond, they can write a program to follow the logs in the API and output them to Splunk. See the book <A href="http://www.amazon.com/VMware-VI-vSphere-SDK-Infrastructure/dp/0137153635/ref=sr_1_1?ie=UTF8&amp;qid=1313507088&amp;sr=8-1">VMware VI and vSphere SDK</A> from Steve Jin for reference. Steve's blog, <A href="http://www.doublecloud.org/">doublecloud.org</A>, provides some information that may help also.</P> <P>Jim</P> Tue, 16 Aug 2011 15:07:40 GMT https://community.splunk.com/t5/Security/Security-logs-from-VMware/m-p/58639#M1955 jimodonald 2011-08-16T15:07:40Z