Audit logs capture administrative actions carried out in the system. These actions are regular CRUD operations, and login/logout alerts. The audit logs capture the actions from the API, the user interface, and the CLI.

  • The audit log feature is always on.
  • VMware Aria Operations for Networks supports the UTC format in the audit logs.
  • The audit log is integrated with the syslog. You can configure the syslog collector to collect all the audit logs.
  • You can export all the audit log data in a CSV file.
Currently, the following administrative actions are not captured in audit logs:
  • SSH login logs. You can find the SSH logs in /var/log/auth.log.
  • Changes in Physical IP and DNS Mapping.
  • Changes in Physical Subnets and VLANS.


  1. Go to Settings > Logs > Audit Logs.
  2. The following details are shown on the Audit Logs page:
    Information Description
    Date & Time Timestamp of the actual action performed.
    IP Address IP address of the client from which the connection is established such as the CLI or the browser.
    User Name User who is performing the action.
    Object Type Object on which the action is being performed.
    Operation Different actions that the user performs on the object.
    Object Identifier Unique identifier for that particular object on which the action is being performed.
    Response Indicator for success or failure of the operation
    Details Details of the settings that have been changed such as the nickname or a property.
  3. To allow the collection of information when the user logs in through a browser or CLI, enable Allow collection of Personally Identifiable Information. This option is deactivated by default.
    Note: The IP Address and the User Name columns are blank if this option is deactivated.
  4. Click Export as CSV to export the audit log data in the CSV format.