Documentation Center
AlienVault® USM Appliance™

VMware SSO

When you configure VMware vCenter SSO to send log data to USM Appliance, you can use the VMware SSO plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor VMware
Device Type Network access control
Connection Type Syslog
Data Source Name VMware-sso
Data Source ID 1894

Integrating VMware SSO

Before you configure the VMware vCenter SSO Server integration, you must have the IP Address of the USM Appliance Sensor.

To configure VMware vCenter SSO Server to send log data to USM Appliance

  1. Log in as [email protected]_domain_name to the vCenter Server instance in the vCenter Server Appliance by using the vSphere Web Client.
  2. On the vSphere Web Client Home page, click System Configuration.
  3. Under System Configuration, click Nodes and select a node from the list.
  4. Click the Related Objects tab.

    You see a list of services running in the node you selected.

  5. Right-click on VMware Syslog Service and select Settings.
  6. Click Edit.
  7. From the Common Log Level drop-down menu, select *.
  8. In the Remote Syslog Host text box, enter the USM Appliance Sensor IP address.
  9. In the Remote Syslog Port text box, enter 514.
  10. From the Remote Syslog Protocol drop-down menu, select UDP.
  11. Click OK.
  12. From the Actions menu, click Restart, so that the configuration changes are applied.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.vcsa.doc/GUID-9633A961-A5C3-4658-B099-B81E0512DC21.html

For troubleshooting, refer to the vendor documentation:

https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.troubleshooting.doc%2FGUID-595A448F-CF60-4139-A107-4D0477A193B5.html