VMware Aria Operations for Networks can capture an audit information of NSX objects quickly from the NSX-T Manager and NSX-V Manager. The information includes the user name who created or modified the NSX object, when the operation happened and the operation details on the object.

If you have enabled audit logs in NSX-T Manager or NSX-V Manager, VMware Aria Operations for Networks can collect the audit details for some of the NSX-T and NSX-V objects.

NSX-V

List of NSX-V objects for which VMware Aria Operations for Networks collects audit details within three to five minutes.
  • SecurityGroup
  • SecurityGroupTranslation
  • FirewallConfiguration
  • FirewallStatus
  • IPSet
  • SecurityTag
  • UniversalSecurityGroup
  • UniversalSecurityGroupTranslation
  • UniversalIPSet
The audit details of the NSX-V objects are captured for the Discovery, Property Change, and Delete alerts:
  • Discovery

    "" (null text)

  • Properties Change

    "" (null text)

  • Delete

    "" (null text)

You can view the audit information on the timeline of the object also.

The audit information on the timeline of the object showing information such as IP set properties changes.

NSX-T

List of NSX-T objects for which VMware Aria Operations for Networks collects audit details.
Note: The audit information is not available for the VMC Policy entities.
  • NSGroup
  • NSService
  • NSServiceGroup
  • NSFirewallRule
    Note: The audit information is not available for the Delete alert of the NSFirewallRule.
  • IPSet
  • NSX Policy Group
  • NSX Policy Firewall Rule
Note: If you are using NSX-T version 4.x and later, the following entities are not available and search wont show any result; you must update your user defined dashboards and user defined alerts using the corresponding policy entities:
Entities Corresponding Policy Entities
NSGroup NSX Policy Group
NSService Policy Service entry
NSService Group Policy service
NSX-T Firewall NSX Policy Firewall
NSX-T Firewall Rule NSX Policy Firewall Rule
NSX-T IPSet IPSet
The audit details of the NSX-T objects are captured for the Discovery, Property Change and the Delete alerts:
  • Discovery

    "" (null text)

  • Properties Change
    "" (null text)
  • Delete

    "" (null text)

Note: The Delete alerts are not available on the entity dashboard. However, you can search the alert to see the audit information.

Sample queries to see audit information

  • alerts where user = username
  • discovery alerts where user = username
  • delete alerts where user = username
  • change alerts where user = username