I'm trying to have one of my hosts send syslogs to QRadar, however the instructions I find online are slightly different and seem to be for ESXi 4.1.
That said it seems the settings I need to change are:
SYSLOG.GLOBAL.LOGDIR - which I've entered: []/scratch/log/messages
and
SYSLOG.GLOBAL.LOGHOST - which I've entered the IP address of QRadar with and without :514 added to the end.
But I can't seem to get the logs sent to QRadar. Anyone have any experience with both ESXi 5.1 and QRadar and can provide assistance would be appreciated.