Azure VMware Solution
An Azure service that runs native VMware workloads on Azure.
393 questions
VMware ESXi (Preview) connector for Sentinel not connected
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 68%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Kibalatu
21
Reputation points
I having problems getting the VMware ESXi (Preview) connector to get connected from Sentinel. From VMware side it seems to be working because I can see the logs getting into the Syslog Linux(Ubuntu)Agent. But From Sentinel the connector shows not connected, I have created the and saved the parse function but still not connected. Below are some of the logs from the ESXi host to the syslog agent. Any help will be appreciated.
Jun 28 18:40:58 MX01-S3.bcfs.local vsansystem: info vsansystem[2102858] [vSAN@6876 sub=Libs] VsanInfoImpl: Refresh config generation
Jun 28 18:40:58 MX01-S3.bcfs.local vsansystem: info vsansystem[2102858] [vSAN@6876 sub=Libs] VsanInfoImpl: vSan mode is set to : Mode_None
Jun 28 18:40:58 MX01-S3.bcfs.local vsansystem: info vsansystem[2102858] [vSAN@6876 sub=Libs] VsanInfoImpl: Loading 0 dit subclusters from config store on normal node
Jun 28 18:40:58 MX01-S3.bcfs.local vsansystem: info vsansystem[2102858] [vSAN@6876 sub=Libs] VsanInfoImpl: Assigning the default datastore
Jun 28 18:40:58 MX01-S3.bcfs.local VSANMGMTSVC: error vsand[2102858] [opID=MainThread VsanHostHelper::isWitnessHost] vsi.get /vmkModules/vsanutil/isWitness exception b ecasue of Bad parameter.
Azure VMware Solution
Microsoft Security | Microsoft Sentinel
1,295 questions
{count} votes
-
Carlos Solís Salazar 18,191 Reputation points MVP Volunteer Moderator2022-07-02T14:04:39.163+00:00 Thank you for asking this question on the **Microsoft Q&A Platform. **
You have not received answers or comments to your question because it may be ambiguous or confusing.
I recommend you visit How to write a quality question and verify that your question meets some of the recommendations.
Hope this helps,
Carlos Solís Salazar----------
NOTE: To answer you as quickly as possible, please mention me in your reply.
-
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator2022-07-06T22:34:45.943+00:00 @Kibalatu
Thank you for your post!Since it can take a while for logs to be sent to Sentinel after configuring the data connector, I just wanted to check in and see if you were able to resolve this issue?
If you have any other questions or are still having issues with the connector, please let me know.
Thank you for your time and patience throughout this issue.
Sign in to comment
Sign in to answer