Audit logs capture administrative actions carried out in the system. These actions are regular CRUD operations, and login/logout alerts. The audit logs capture the actions from the API, the user interface, and the CLI.
- The audit log feature is always on.
- VMware Aria Operations for Networks supports the UTC format in the audit logs.
- The audit log is integrated with the syslog. You can configure the syslog collector to collect all the audit logs.
- You can export all the audit log data in a CSV file.
Currently, the following administrative actions are not captured in audit logs:
- SSH login logs. You can find the SSH logs in /var/log/auth.log.
- Changes in Physical IP and DNS Mapping.
- Changes in Physical Subnets and VLANS.
Procedure
- Go to .
- The following details are shown on the Audit Logs page:
Information |
Description |
Date & Time |
Timestamp of the actual action performed. |
IP Address |
IP address of the client from which the connection is established such as the CLI or the browser. |
User Name |
User who is performing the action. |
Object Type |
Object on which the action is being performed. |
Operation |
Different actions that the user performs on the object. |
Object Identifier |
Unique identifier for that particular object on which the action is being performed. |
Response |
Indicator for success or failure of the operation |
Details |
Details of the settings that have been changed such as the nickname or a property. |
- To allow the collection of information when the user logs in through a browser or CLI, enable Allow collection of Personally Identifiable Information. This option is deactivated by default.
Note: The
IP Address
and the
User Name
columns are blank if this option is deactivated.
- Click Export as CSV to export the audit log data in the CSV format.