The raw audit log information often is not easily understandable. Therefore, the VMware Smart Assurance Audit Log Adapter is invoked to process and modify the raw audit log data to make it more user-friendly in the form of a final audit log. The adapter interprets specific remote API calls, and creates audit log messages that describe the higher level functions being invoked by the user. For example, an operation which may be invoked by the user may be the creation of a new discovery filter. The remote API calls to modify discovery filters would be invokeOperation ICF_TopologyManager ICF-TopologyManager applyXMLFilters. The VMware Smart Assurance Audit Log Adapter interprets this invokeOperation call and creates a new audit log message in the final audit log file which more clearly states "Modify Discovery Filters”.
The final audit log output includes the following fields:
-
Date, time and time zone (that is, the local time zone of the server)
-
Time in seconds from epoch
-
VMware Smart Assurance user login name, VMware Smart Assurance system user name and client ID. Final Audit Output Sample provides an example of a complete final audit log entry.
-
Action type—indicates the type of action performed, such as "Add Discovery Filter" or "Invoke Operation xxx"
-
Object class related to action
-
Object instance related to action
-
Text—includes additional information relevant to the actions, such as a property name, an event name, or arguments to the action
The format of both the raw and final output files are the same. The fields are separated by tabs, which allows for easy export to Excel spreadsheets.
For comparison, a sample of raw audit output versus final audit output is provided below in the following figures. Note that in the raw audit log output in Raw Audit Output Sample, all of the actions relating to creating a topology subgroup in the entries with a time in seconds from epoch of 1143150029 and 1143150044 have been modified into clearer and more concise entries in the final log audit output shown in Final Audit Output Sample. Also note that actions such as checking licenses that show up in the raw audit log (the sixth and seventh entries in Raw Audit Output Sample) do not appear in the final audit log.