Scribd
Upload
3 views

Vmware Auditing Quick Reference Guide

Uploaded by

Juan Carlos Cortes
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
3 views

Vmware Auditing Quick Reference Guide

Uploaded by

Juan Carlos Cortes
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Quick Reference Guide

VMware Auditing
How to enable logging of important changes to VMware configuration

VCenter Events View


 Run vSphere Web Client on your vCenter server > Navigate to “Events”
Common VMware
Tab > Event Console will open where you can find all events happened Events:
with your virtual machines
 VmPoweredOffEvent – VM powered
off
vSphere Events View  VmPoweredOnEvent – VM powered
on
 Run vSphere Client on your computer > Select a Host > Navigate to  VmSuspendedEvent – VM
“Events” Tab > “Event Console” will open where you can find all events suspended
happened with your virtual environment  AccountCreatedEvent – Account
created
 AccountRemovedEvent – Account
PowerCLI Events View removed
 AccountUpdatedEvent – Account
updated
 Run VMware PowerCLI connect to your vCenter using command:  EnteredMaintenanceModeEvent –
 Connect-VIServer –server servername Entered maintenance mode
 Execute command Get-VIEvent  ExitMaintenanceModeEvent – Exit
maintenance mode
 You can get more information by executing: Get-Help Get-VIEvent
 PermissionAddedEvent –
 You can specify parameters by adding the monitored event from the Permission added
Common VM Events list into this script (save this script in txt file with .ps1  PermissionRemovedEvent –
extension) and run this script in PowerCLI console: Permission removed
 PermissionUpdatedEvent –
Get-VIEvent -Start (Get-Date).adddays(-120) | ` Permission updated

where {$_.gettype().Name -eq "add event here” -and  UserLoginSessionEvent – User login
$_.CreatedTime -lt (Get-Date).adddays(1)} | `  UserLogoutSessionEvent – User
logout
select @{N="VMname"; E={$_.Vm.Name}},  UserPasswordChanged – User
password changed
@{N="OccuredTime"; E={$_.CreatedTime}},
 AlarmAcknowledgedEvent – Alarm
@{N="Hostname"; E={$_.Host.Name}}, acknowledged
 BadUsernameSessionEvent –
@{N="Username"; E={$_.UserName}} Invalid user name
 ClusterCreatedEvent – Cluster
 You can also select different date range by changing “adddays” parameter. created
 ClusterDestroyedEvent – Cluster
deleted
For Detailed VMware Auditing,  You can find full list of events here –
Try Netwrix Auditor — netwrix.com/go/trial-vm url2open.com/vmevents
 Change auditing: detection, reporting and alerting on all
configuration changes across your entire IT infrastructure with Who,
What, When, Where details and Before/After values.

 Predefined reports and dashboards with filtering, grouping, sorting,


export (PDF, XLS etc.), email subscriptions, drill-down, access via web,
granular permissions and ability to create custom reports.
Try VMware
 Long-Term Archiving: scalable two-tiered storage (file-based + SQL
database) holding consolidated audit data for up to and beyond 10 years.
Auditing for Free:
netwrix.com/go/trial-vm
 Unified platform to audit the entire IT infrastructure, as opposed to
multiple hard-to-integrate standalone tools from other vendors.

HQ: 8001 Irvine Center Drive, Phone: 1-949-407-5125 Int'l: 1-949-407-5125


Suite 820, Irvine, CA 92618 Toll-free: 888-638-9749 EMEA: 44 (0) 203-318-0261 netwrix.com/social

You might also like