For auditing purposes, you can monitor the events that VMware Cloud Director Availability generates by using a syslog server, by using email delivery for the notifications, and for Cloud Director sites, you can monitor the events also in VMware Cloud Director.
Event Notifications Delivery Channels
To aid with auditing and monitoring the cloud site,
VMware Cloud Director Availability delivers information about significant events by using the following delivery channels, depending on the cloud site:
Note: When sent by email, the events under the
User Activities section are batched per tenant/activity type and aggregated in one message sent every 60 minutes or every 300 events, whichever comes first.
Audit Events
The ISO 27001 and PCI-DSS auditing requirements as logged by
VMware Cloud Director Availability:
- Logs any administrative, root, or elevated access to the system, for example, user X, successful login at timestamp from IP-address/FQDN.
- Logs any unsuccessful login attempts for all users to the system, for example, user Y, failed login attempt at timestamp from IP-address/FQDN.
- Logs any passive operations of all users, for example, running RPO compliance reports, system tasks review, data stores review, and system health review.
- Logs any configuration changes, including creation, modification, and deletion, under the following sections:
- Replications section activities:
- Incoming Replications - logs any user-executed actions, for example, Migrate, Failover, and Test.
- Recovery Plans - logs all recovery plan operations.
- Start/Stop events for replication tasks
- Configuration section activities on the pages:
- Settings
- Peer Sites
- Policies
- SLA Profiles
- L2 Stretch
- System section activities:
- Support Bundles
- Backup Archives
- Start/Stop events for System tasks
- Reports page logs all report-related activities.
- Session-related activities, such as:
- Login
- Logout
- Login to peer site
- Logout of peer site
Weekly Summary Report Subscription
VMware Cloud Director Availability 4.6 and later allows both providers and their tenants to subscribe for a weekly summary email that contains the numbers of active/new/deleted protections and migrations performed last week.
The subscribers remain informed about what is happening with their replications without logging in. Their weekly summary report:
- Counts only incoming replications using the Classic data engine to the cloud site.
- Counts the current state at the report runtime both for active protections and for migrations.
- Counts the following numbers for the week:
- Performed failovers
- Performed test failovers
- Performed migrates
- New protections and new migrations
- Deleted protections and migrations
For more information, see Subscribe for weekly summary email.