Hi,
Trying to help the SIEM team out by limiting the amount of logs being sent from the ESXi servers. We only really require security events to be sent to the SIEM, but I think there are two options here which may work:
- Only send security events
  - There isn't a great deal of info on the net about this; has anyone done this before and got a filter which I could copy?
- Filter out the high-volume messages
  - I have started adding opIDs to filter out, but whilst the quantity of messages will reduce, it doesn't really help out the SIEM team as they will still need the above security event information.
Any help would be greatly appreciated.
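An added example (not from the poster or from VMware) illustrating the point in the second bullet: a denylist of high-volume opIDs or hostd sub-components applied on its own can swallow the security events that share those tags, so the security allowlist has to be evaluated before the denylist. The ESXi-style log lines, hostname, users, addresses, opIDs and patterns below are all constructed for the example.

```python
import re

# Constructed sample of ESXi-style syslog lines (hostd and shell sources); hostname,
# users, addresses and opIDs are made up for this example, not taken from any real host.
SAMPLE_LINES = [
    "2024-05-01T10:00:01Z esxi01 Hostd: info hostd[2099123] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=a1b2c3d4] Event 4410 : User root@10.0.0.5 logged in as VMware-client/8.0.0",
    "2024-05-01T10:00:02Z esxi01 Hostd: info hostd[2099123] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=e5f6a7b8] Event 4411 : Cannot login root@10.0.0.9",
    "2024-05-01T10:00:03Z esxi01 Hostd: verbose hostd[2099124] [Originator@6876 sub=PropertyProvider opID=hb-host-9f8e7d6c] RecordOp ASSIGN: info.state, haTask-1234",
    "2024-05-01T10:00:04Z esxi01 shell[2100001]: [root]: esxcli network firewall set --enabled false",
    "2024-05-01T10:00:05Z esxi01 Hostd: verbose hostd[2099125] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=hb-host-9f8e7d6c] Event 4412 : Host esxi01 heartbeat",
]

# Option 1 from the post: what the SIEM team actually needs (allowlist).
SECURITY_PATTERNS = [
    re.compile(r"\blogged (in|out)\b"),          # hostd session events
    re.compile(r"\bCannot login\b"),             # failed authentication
    re.compile(r" (shell|auth|sshd)\[\d+\]: "),  # interactive shell / SSH sources
]

# Option 2 from the post: high-volume opIDs and sub-components to suppress (denylist).
HIGH_VOLUME_PATTERNS = [
    re.compile(r"opID=hb-host-"),                # heartbeat-style opIDs
    re.compile(r"sub=Vimsvc\.ha-eventmgr"),      # chatty event manager, which also carries the logins
]

def allow_then_deny(line):
    """Forward security events first; only then apply the volume denylist."""
    if any(p.search(line) for p in SECURITY_PATTERNS):
        return True
    return not any(p.search(line) for p in HIGH_VOLUME_PATTERNS)

def deny_only(line):
    """The opID-denylist approach on its own: drop anything matching the denylist."""
    return not any(p.search(line) for p in HIGH_VOLUME_PATTERNS)

def forwarded(lines, policy):
    """Return the indexes of lines a policy would forward to the SIEM."""
    return [i for i, line in enumerate(lines) if policy(line)]

if __name__ == "__main__":
    print("deny-only forwards:      ", forwarded(SAMPLE_LINES, deny_only))        # [3]
    print("allow-then-deny forwards:", forwarded(SAMPLE_LINES, allow_then_deny))  # [0, 1, 3]
```

Deny-only loses both the successful and the failed login because they share the suppressed sub-component, while allow-then-deny keeps them and still drops the heartbeat and property-update noise. The same ordering matters if the filtering is done host-side with ESXi's own syslog log filters, which can only drop matching lines, so a pattern that could match a security event should never be added there.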