One of the conveniences of administering VMware solutions is being able to use code to create scripts to perform repetitive tasks or automate processes
One of the vSphere Web Client features that can help those new to the PowerCli is the Capture Code, it basically allows you to list and save the Powercli commands of the actions you are doing with the vSphere Web Client.
To activate it just access the vSphere Web Client, from the Menu select Developer Center
Select Code Capture and enable it by placing the “Enable Code Capture” flag on the right (which turns green)
At this point, a space will appear in our frame where the commands will be listed with some operations, such as Clear and start another, Copy and Download
Where the Download option generates you the ps1 file with the Powercli commands of the recorded operations
To start and stop a recording session you can use the buttons:
Or the red button that appears at the top of the WebClient once “Enable Code Capture” is enabled
In an old post, I described how to send ESXi logs to Azure Log Analytics to ingest at Azure Sentinel, now I describe Step to Step how to send vCenter logs.
The first step is to do step by step this configuration:
Protocol and port depend on your infrastructure configuration (you need to enable communication from VCSA to Syslog Gateway Server on the select TCP/UDP port)
and enable send events (it is enabled by default, but a check is a good idea)
Now you can connect to the Syslog Gateway Server and check if the Syslog server received the logs from the VCSA Appliance
Use SSH to connect at the Syslog Gateway Server and use this command
cat /var/log/syslog | grep <fqdn vCenter> | more
in my situation
cat /var/log/syslog | grep vcenter | more
Configure the Log Analytics Agent, installed on Syslog Gateway Server to process the Facility Local0
Connect to Azure Portal and on Azure Log Analytics Service enable the correct facility (local0)
After 10/15 minutes the new configuration will be applied on Syslog Gateway Server (you can check the file /etc/rsyslog.d/95-omsagent.conf on Syslog Gateway)
Change the VMwareESXi function (It was created for ESXi Log check my old post) or create a query custom to parse the log on Azure Log Analytics
Finally, you can query the data on Azure Log Analytics
Syslog | where HostName contains “<FQDN vCenter>”
or optionally you can edit the function create for Ingest ESXi log (check my old POST) and insert the vCenter FQDN Name in the same position where there is the ESXi FQDN Name.
Currently, on Azure Sentinel there are no specific Workbooks for VMware, all queries are to be created
