VMware Aria Operations for Logs collects and analyzes logs generated in your SDDC.
A trial version of the VMware Aria Operations for Logs service is enabled by default in a new SDDC. The trial period begins when a user in your organization activates the VMware Aria Operations for Logs service and expires in thirty days. After the trial period, you can choose to subscribe to this service or continue to use a subset of service features at no additional cost. For more information about using VMware Aria Operations for Logs, see the VMware Aria Operations for Logs Documentation.
SDDC Audit Log Events
VMware Aria Operations for Logs classifies SDDC events matching the following rules as audit data.
- ESXi Audit Events
  - "text=(esx AND audit)"
  - "text =(hostd AND vmsvc AND vm AND snapshot)"
  - "text =(vim.event.HostConnectionLostEvent)"
- vCenter Audit Events
  - "text = (vpxd AND event AND vim AND NOT originator)"
- NSX Audit Events
  - "text = (nsx AND audit AND true AND comp AND reqid)"
- NSX Firewall and Packet Log Events
  - "text = (nsx AND firewall AND inet)"
  - "text = (firewall_pktlog AND inet)"
- User-Driven Activity Events
  - log_type Contains Activity
- VMC Notification Gateway Events
  - log_type Contains Notification
- VMware Site Recovery Events
  - text contains vmware-dr AND text does not contain vmware-dr-audit
- VMware Cloud Services Audit Events
  - log_type Contains csp-audit
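
The rules above, applied to a few constructed events, as an added example that is not VMware's code. It assumes terms are matched as case-insensitive substrings, that a category matches when any one of its rules matches, and that each event exposes `text` and `log_type` as plain strings; the service's actual matching may differ.

```python
# Rules transcribed from the list above. Matching semantics are assumptions
# (case-insensitive substring match; any rule in a category is sufficient).
# Each rule: (field, terms that must all be present, terms that must be absent).
RULES = {
    "ESXi Audit Events": [
        ("text", ["esx", "audit"], []),
        ("text", ["hostd", "vmsvc", "vm", "snapshot"], []),
        ("text", ["vim.event.HostConnectionLostEvent"], []),
    ],
    "vCenter Audit Events": [("text", ["vpxd", "event", "vim"], ["originator"])],
    "NSX Audit Events": [("text", ["nsx", "audit", "true", "comp", "reqid"], [])],
    "NSX Firewall and Packet Log Events": [
        ("text", ["nsx", "firewall", "inet"], []),
        ("text", ["firewall_pktlog", "inet"], []),
    ],
    "User-Driven Activity Events": [("log_type", ["Activity"], [])],
    "VMC Notification Gateway Events": [("log_type", ["Notification"], [])],
    "VMware Site Recovery Events": [("text", ["vmware-dr"], ["vmware-dr-audit"])],
    "VMware Cloud Services Audit Events": [("log_type", ["csp-audit"], [])],
}

def _rule_matches(event, rule):
    field, required, excluded = rule
    value = str(event.get(field, "")).lower()
    return (all(term.lower() in value for term in required)
            and not any(term.lower() in value for term in excluded))

def classify(event):
    """Return the audit categories matching this event (empty list: not audit data)."""
    return [name for name, rules in RULES.items()
            if any(_rule_matches(event, rule) for rule in rules)]

# Constructed sample events, not real SDDC output.
SAMPLES = [
    {"text": "Hostd: [vmsvc] vm snapshot created", "log_type": ""},
    {"text": "vpxd event vim.event.UserLoginSessionEvent user=admin", "log_type": ""},
    {"text": "vpxd event vim.event.TaskEvent originator=6", "log_type": ""},
    {"text": "nsx firewall_pktlog INET match PASS", "log_type": ""},
    {"text": "vmware-dr replication started", "log_type": ""},
    {"text": "vmware-dr-audit replication config changed", "log_type": ""},
    {"text": "", "log_type": "csp-audit"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample) or ["(not audit data)"], "<-", sample)
```

The `NOT originator` and `vmware-dr-audit` exclusions are the cases worth checking: the third and sixth samples contain every required term yet fall outside the audit set.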