Enabling VMware ESXi (Preview) data connector

Brass Contributor


I have ingested ESXi server logs to Sentinel through on-premises log forwarder.

I could see the logs in syslog table in Sentinel, but I don't see the VMware ESXi data connector enabled, also the VMwareESXi table is not there

Any additional steps I have to do to enable this VMware ESXi data connector?

Also what is the recommended facilities to enable for this syslog type.

2 Replies
There is no additional "VMwareESXi" table that gets created. All the data is sent to the "Syslog" table and you can filter that by your system. It appears that the sample queries that are listed with the Data Connector are incorrect
Thank you GBushey for your answer