Merge pull request #500 from splunk/fix/vmware-vpxd

Fix mapping of vpxd* for vcenter
CSVD · May 29, 2020 · b7c0ebf · b7c0ebf
2 parents 5f6770b + 70445c7
commit b7c0ebf
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/package/etc/conf.d/filters/VMware/vsphere.conf b/package/etc/conf.d/filters/VMware/vsphere.conf
@@ -21,6 +21,7 @@ filter f_vmware_all {
     or program("vobd", flags(ignore-case))
     or program("Vpxa", flags(ignore-case))
     or program("Vpxd", flags(ignore-case))
+    or program("Vpxd-svcs", flags(ignore-case))
     or program("VSANMGMTSVC", flags(ignore-case))
     or program("vsfwd", flags(ignore-case))
     #begin nsx
@@ -47,7 +48,6 @@ filter f_vmware_esx {
     or program("vmkwarning", flags(ignore-case))
     or program("vobd", flags(ignore-case))
     or program("Vpxa", flags(ignore-case))
-    or program("Vpxd", flags(ignore-case))
     or program("VSANMGMTSVC", flags(ignore-case))
     or program("vsfwd", flags(ignore-case))
     or program("vmauthd", flags(ignore-case))
@@ -67,4 +67,7 @@ filter f_vmware_vcenter {
     or program("vmcad", flags(ignore-case))
     or program("vmdird", flags(ignore-case))
     or program("vmon", flags(ignore-case))
+    or program("Vpxd", flags(ignore-case))
+    or program("Vpxd-svcs", flags(ignore-case))
+
 };    
diff --git a/tests/test_vmware.py b/tests/test_vmware.py
@@ -29,7 +29,7 @@ def test_linux_vmware(record_property, setup_wordlist, setup_splunk, setup_sc4s)
     iso_header = dt.isoformat()[0:23]
     epoch = epoch[:-3]
 
-    mt = env.from_string("{{ mark }}1 {{ iso_header }}Z {{ host }} vpxd {{ pid }} - - Event [3481177] [1-1] [{{ iso }}Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\svc-vcenter-user] [] [3481177] [User VSPHERE.LOCAL\svc-vcenter-user@192.168.10.10 logged in as pyvmomi Python/2.7.13 (Linux; 4.9.0-7-amd64; x86_64)]\n")
+    mt = env.from_string("{{ mark }}1 {{ iso_header }}Z {{ host }} vpxa {{ pid }} - - Event [3481177] [1-1] [{{ iso }}Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\svc-vcenter-user] [] [3481177] [User VSPHERE.LOCAL\svc-vcenter-user@192.168.10.10 logged in as pyvmomi Python/2.7.13 (Linux; 4.9.0-7-amd64; x86_64)]\n")
     message = mt.render(mark="<144>", iso_header=iso_header, iso=iso, host=host, pid=pid)
 
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])