# VMware vSphere Integration
This integration periodically fetches logs and metrics from vSphere vCenter servers.
** Compatibility**** **
The integration uses the Govmomi library to collect metrics and logs from any Vmware SDK URL (ESXi/VCenter). This library is built for and tested against ESXi and vCenter 6.5, 6.7 and 7.0.
**Installation Guide: **
[VMware vSphere 7.0 Installation](https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-vcenter-server-70-release-notes.html#installation-notes-for-this-release-12)
[Govmomi Library](https://github.com/vmware/govmomi?tab=readme-ov-file)
** Integration Process **
**Go> Cyber Incident Management (XDR and MDR) **
** Go> Cyber Incident Management (XDR and MDR)> Settings **
** Go> Cyber Incident Management (XDR and MDR)> Settings> Integration **
**Go> Cyber Incident Management (XDR and MDR)> Settings> Integration>
In search bar type “Vmware” **
**Click Add Agent **
** Choose your Log Collector **
**Click the vSphere logs and metrics **
** Keep it as is **
**Enter the IP address and port **
**Example**: https://127.0.0.1:8989/sdk
**127.0.0.1****:** This is the IP address of the local machine (localhost).
**8989****:** This is the port number on which the SDK service is running. (Keep it as is)
**/sdk****:** This indicates that the SDK is accessible at this path. (Keep it as is)
**Notes**: To add multiple hosts, enter each IP address following the same format (https://<IP\_or\_hostname>:port/sdk) and press enter.
**Enter the Username and password of vSphere account **
**Notes**: The insecure option bypasses the verification of the server's certificate chain, which can be useful in certain scenarios but comes with significant security risks. It is recommended to use this option only when necessary and in environments where security concerns are minimal.
** Logs collection **
**Collect logs from vSphere via UDP **
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2024-06/Bk7gOwlFFBxSj05j-udp.png)
**Tags**: Click the given tags
**UDP host to listen on**: This is the IP address of the machine where the log collector is running.
**UDP port to listen on:** This is the port on which the log collector will listen for incoming log data. (Keep it as is)
**Notes**: Enabling "Preserve original event" ensures raw log data is always available, crucial for troubleshooting, compliance, and verifying log accuracy. It adds raw data to event.original, doubling storage needs and potentially slowing processing if storage isn't scaled, impacting efficiency.
** Collect logs from vSphere via TCP **
**Tags**: Click the given tags
**TCP** **host to listen on:** This is the IP address of the machine where the log collector is running.
**TCP** **port to listen on:** This is the port on which the log collector will listen for incoming log data. (Keep it as is)
**Notes**: Enabling "Preserve original event" ensures raw log data is always available, crucial for troubleshooting, compliance, and verifying log accuracy. It adds raw data to event.original, doubling storage needs and potentially slowing processing if storage isn't scaled, impacting efficiency.
**Click Next to complete the integration.**