ESX Parser

adem_netsys · ‎09-06-2025

Hi guys,

We have implemented ESX-SIEM integration and are experiencing performance issues due to receiving too many unknown events. Has anyone developed a parser for this?

Thanks in advance

AlexPien · ‎09-12-2025

The integrated vmware ESXi and vCenter Parser does not include all possible vmware logs. Honestly, the integration is quite poor, compared to other systems. As well the rules are mainly not security relevant: https://help.fortinet.com/fsiem/Public_Resource_Access/7_4_0/rules/rule_descriptions.htm#VCenter%20o...

We are doing the following in each of our FortiSIEM setups:

1) Log everything from vcenter and ESXi to the SIEM with SYSLOG

2) Customize the Parser and create additional Event Types

3) Add additional Rules for Detection of Brute Force etc.

4) Log dropping in the SIEM for Event Types that we do not want, because they do not have security impact (e.g. some performance, vmotion, quorum, vsan logs)

FSM_FTNT · ‎09-12-2025

Hi @AlexPien @adem_netsys

If you can share the event logs and any further content, I can take a look and see if we can incorporate this.

Feel free to share with me directly or open a support case and provide me the ticket.

Appreciate the feedback.

Thanks

Dan

costello8 · ‎09-21-2025

I’ve run into something similar while working with ESX-SIEM integration. The flood of unknown events can really slow things down and make it tough to get usable data. I haven’t seen an official parser App yet, but I’d also be interested if someone has developed one or found a good workaround. Definitely feels like something that would make the integration a lot smoother.

ESX Parser

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website