From 64c68d8c2d1e8cac1f07f1b4d175b8ad8c55e5c3 Mon Sep 17 00:00:00 2001 From: Ryan Faircloth <35384120+rfaircloth-splunk@users.noreply.github.com> Date: Fri, 10 Jul 2020 17:54:27 -0400 Subject: [PATCH] Update vsphere.conf (#544) --- package/etc/conf.d/filters/VMware/vsphere.conf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/package/etc/conf.d/filters/VMware/vsphere.conf b/package/etc/conf.d/filters/VMware/vsphere.conf index e055108..dcb643b 100644 --- a/package/etc/conf.d/filters/VMware/vsphere.conf +++ b/package/etc/conf.d/filters/VMware/vsphere.conf @@ -2,6 +2,7 @@ filter f_vmware_all { #begin base vmware program("applmgmt-audit", flags(ignore-case)) or program("cimslp", flags(ignore-case)) + or program("esxupdate", flags(ignore-case)) or program("Fdm", flags(ignore-case)) or program("Hostd", flags(ignore-case)) or program("hostd-probe", flags(ignore-case)) @@ -27,17 +28,21 @@ filter f_vmware_all { or program("Vpxd", flags(ignore-case)) or program("Vpxd-svcs", flags(ignore-case)) or program("VSANMGMTSVC", flags(ignore-case)) + or program("osfsd", flags(ignore-case)) or program("vsfwd", flags(ignore-case)) + or program("vsantraceurgent", flags(ignore-case)) #begin nsx or program("NSX", flags(ignore-case)) or program("NSXV", flags(ignore-case)) or program("dfwpktlogs", flags(ignore-case)) or program("nsx-.*", flags(ignore-case)) or program("view", flags(ignore-case)) + or program("vsansystem", flags(ignore-case)) }; filter f_vmware_esx { program("cimslp", flags(ignore-case)) + or program("esxupdate", flags(ignore-case)) or program("Fdm", flags(ignore-case)) or program("Hostd", flags(ignore-case)) or program("hostd-probe", flags(ignore-case)) @@ -77,6 +82,9 @@ filter f_vmware_vcenter { or program("vmon", flags(ignore-case)) or program("Vpxd", flags(ignore-case)) or program("Vpxd-svcs", flags(ignore-case)) + or program("vsantraceurgent", flags(ignore-case)) + or program("vsansystem", flags(ignore-case)) + or program("osfsd", flags(ignore-case)) }; filter f_vmware_horizon {