Documentation Center
AlienVault® USM Appliance™

VMware View Administrator

When you configure VMware View Administrator to send log data to USM Appliance, you can use the VMware View Administrator plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor VMware
Device Type Application
Connection Type Syslog
Data Source Name VMware View Administrator
Data Source ID 1892

Integrating VMware View Administrator

Before you configure the VMware View Administrator integration, you must have the IP Address of the USM Appliance Sensor.

To configure VMware View Administrator to send log data to USM Appliance

  1. In the View Administrator, select View Configuration > Event Configuration.
  2. (Optional) In the Syslog area, click Add (next to Send to syslog servers), and specify the USM Appliance IP address and the port number 514. This step lets you configure the View Connection Server to send events to a Syslog server.
  3. (Optional) To enable VMware View event log messages to be generated and stored in log files (in Syslog format), select the Log to file: Enable check box. The log files are retained locally unless you specify a UNC path to a file share.
  4. (Optional) To store the View event log messages in a file share, click Add (next to Copy to location), and supply the UNC path to the file share and folder in which to store the log files (along with the user name, domain name, and password of an account that has permission to write to the file share).

    The following is an example of a UNC path:

    \\syslog-server\folder\file

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://pubs.vmware.com/view-52/index.jsp?topic=%2Fcom.vmware.view.installation.doc%2FGUID-429DBA6E-301C-4578-86FB-093755F64173.html

For troubleshooting, refer to the vendor documentation:

https://pubs.vmware.com/view-50/index.jsp#com.vmware.view.administration.doc/GUID-6B20BD72-2BC3-41A0-A356-F85258EA5A08.html