The vRealize Log Insight Cloud collects and analyzes logs generated in your SDDC.

A trial version of the vRealize Log Insight Cloud is enabled by default in a new SDDC. The trial period begins when a user in your organization accesses the vRealize Log Insight Cloud add-on and expires in thirty days. After the trial period, you can choose to subscribe to this service or continue to use a subset of service features at no additional cost. For more information about using vRealize Log Insight Cloud, see the vRealize Log Insight Cloud Documentation.

SDDC Audit Log Events

vRealize Log Insight Cloud classifies SDDC events matching the following rules as audit data.

ESXi Audit Events
"text=(esx AND audit)"
"text =(hostd AND vmsvc AND vm AND snapshot)"
"text =(vim.event.HostConnectionLostEvent)"
vCenter Audit Events
"text = (vpxd AND event AND vim AND NOT originator)"
NSX-T Audit Events
"text = (nsx AND audit AND true AND comp AND reqid)"
NSX-T Firewall and Packet Log Events
"text = (nsx AND firewall AND inet)"
"text = (firewall_pktlog AND inet)"
User-Driven Activity Events
log_type Contains Activity
VMC Notification Gateway Events
log_type Contains Notification