Hi guys,
We have implemented ESX-SIEM integration and are experiencing performance issues due to receiving too many unknown events. Has anyone developed a parser for this?
Thanks in advance
The integrated VMware ESXi and vCenter parser does not include all possible VMware logs. Honestly, the integration is quite poor compared to other systems. Also, the rules are mainly not security relevant: https://help.fortinet.com/fsiem/Public_Resource_Access/7_4_0/rules/rule_descriptions.htm#VCenter%20o...
We are doing the following in each of our FortiSIEM setups:
1) Log everything from vCenter and ESXi to the SIEM with SYSLOG
2) Customize the Parser and create additional Event Types
3) Add additional Rules for Detection of Brute Force etc.
4) Log dropping in the SIEM for Event Types that we do not want, because they do not have security impact (e.g. some performance, vmotion, quorum, vsan logs)
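As an added example (not code from this thread, and not FortiSIEM's own XML parser format), the Python sketch below shows the shape of steps 2 to 4 above: classify ESXi-style syslog lines into event types, drop the types with no security impact, count what is still unknown so it can be reviewed, and flag repeated logon failures per source address. The sample log lines, the event type names and the regexes are constructed assumptions; in FortiSIEM the same patterns would live in a custom parser and a rule.

```python
"""Triage of ESXi-style syslog: classify, drop noise, flag brute force (illustrative)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an ESXi-like syslog layout (assumed format, not real captures).
SAMPLE_LOGS = [
    "2025-03-01T10:00:01Z esxi01 sshd[12345]: Failed password for root from 203.0.113.7 port 51000 ssh2",
    "2025-03-01T10:00:03Z esxi01 sshd[12346]: Failed password for root from 203.0.113.7 port 51001 ssh2",
    "2025-03-01T10:00:05Z esxi01 sshd[12347]: Failed password for root from 203.0.113.7 port 51002 ssh2",
    "2025-03-01T10:00:06Z esxi01 sshd[12348]: Failed password for root from 203.0.113.7 port 51003 ssh2",
    "2025-03-01T10:00:07Z esxi01 sshd[12349]: Failed password for root from 203.0.113.7 port 51004 ssh2",
    "2025-03-01T10:00:09Z esxi01 Hostd: info hostd[2099501] [Originator@6876 sub=Vimsvc.HaSessionManager] Rejected password for user admin from 198.51.100.9",
    "2025-03-01T10:00:10Z esxi01 Hostd: info hostd[2099501] [Originator@6876 sub=Vimsvc.HaSessionManager] Accepted password for user root from 192.0.2.10",
    "2025-03-01T10:00:11Z esxi01 vobd: [vMotionCorrelator] vMotion of VM web01 completed",
    "2025-03-01T10:00:12Z esxi01 vsanmgmtd: cluster health check passed",
    "2025-03-01T10:00:13Z esxi01 sshd[12350]: Failed password for root from 203.0.113.7 port 51005 ssh2",
    "2025-03-01T10:00:14Z esxi01 vpxa: [vpxa] message deliberately left unparsed",
]

IPV4 = r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})"

# (compiled regex, hypothetical event type name); names are illustrative, not FortiSIEM's own.
PATTERNS = [
    (re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from " + IPV4),
     "ESXi-SSH-Logon-Failure"),
    (re.compile(r"Rejected password for user (?P<user>\S+) from " + IPV4), "ESXi-Hostd-Logon-Failure"),
    (re.compile(r"Accepted password for user (?P<user>\S+) from " + IPV4), "ESXi-Hostd-Logon-Success"),
    (re.compile(r"\bvMotion\b"), "ESXi-vMotion-Info"),
    (re.compile(r"\bvsanmgmtd:"), "ESXi-vSAN-Info"),
]

# Step 4 of the post: event types that are operational noise, not security signal.
DROP_EVENT_TYPES = {"ESXi-vMotion-Info", "ESXi-vSAN-Info"}
LOGON_FAILURE_TYPES = {"ESXi-SSH-Logon-Failure", "ESXi-Hostd-Logon-Failure"}

SYSLOG_HEADER = re.compile(r"^(?P<ts>\S+Z) (?P<host>\S+) (?P<msg>.*)$")


def classify(line):
    """Parse the syslog header and map the message to an event type; None if header is unparseable."""
    m = SYSLOG_HEADER.match(line)
    if not m:
        return None
    event = {
        "timestamp": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": m["host"], "event_type": None, "user": None, "src": None,
    }
    for pattern, event_type in PATTERNS:
        pm = pattern.search(m["msg"])
        if pm:
            groups = pm.groupdict()
            event.update(event_type=event_type, user=groups.get("user"), src=groups.get("src"))
            return event
    return event  # header parsed, message unknown: event_type stays None


def detect_brute_force(events, threshold=5, window_seconds=60):
    """Return source addresses with >= threshold logon failures inside any sliding window."""
    by_src = defaultdict(list)
    for e in events:
        if e["event_type"] in LOGON_FAILURE_TYPES and e["src"]:
            by_src[e["src"]].append(e["timestamp"])
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged


def triage(lines, threshold=5, window_seconds=60):
    """Classify every line, drop noise types, count unknowns, and run the brute force check."""
    kept, dropped, unknown = [], 0, 0
    for line in lines:
        e = classify(line)
        if e is None or e["event_type"] is None:
            unknown += 1          # candidates for the next parser extension
            continue
        if e["event_type"] in DROP_EVENT_TYPES:
            dropped += 1          # never reaches rules or storage
            continue
        kept.append(e)
    return {
        "kept": kept, "dropped": dropped, "unknown": unknown,
        "brute_force_sources": detect_brute_force(kept, threshold, window_seconds),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOGS)
    print(f"kept={len(result['kept'])} dropped={result['dropped']} unknown={result['unknown']}")
    print("brute force sources:", sorted(result["brute_force_sources"]))
```

The unknown counter is the part worth watching in production: it is the same population that shows up as "unknown events" in the SIEM, and reviewing its most frequent message shapes tells you which patterns to add to the parser next and which to move to the drop list.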
Hi @AlexPien @adem_netsys
If you can share the event logs and any further content, I can take a look and see if we can incorporate this.
Feel free to share with me directly or open a support case and provide me the ticket.
Appreciate the feedback.
Thanks
Dan