Data Source: VMWare ESXi Syslog

Date: 2025-11-04

ID: f91c5ad1-2a44-4be3-93df-43150fa243e5

Author: Raven Tait, Splunk

Description

Data source object for syslog data from VMWare ESXi

Details

Property	Value
Source	`vmware:esxlog`
Sourcetype	`vmw-syslog`

Supported Apps

Add-on for VMware ESXi Logs (version 4.2.2)

Event Fields

+ Fields

  <span class="pill kill-chain">_time</span>
  
  <span class="pill kill-chain">host</span>
  
  <span class="pill kill-chain">Message</span>
  
</div>

Example Log

1Jul  1 14:30:23 192.168.8.233 2025-07-01T14:29:11.508Z localhost.localdomain shell[1627100]: [root]: esxcli system auditrecords local set
2Jul  1 14:30:21 192.168.8.233 2025-07-01T14:29:09.506Z localhost.localdomain shell[1627100]: [root]: esxcli system auditrecords local delete

Source: GitHub | Version: 2