The raw audit log information includes the details of the VMware Smart Assurance remote API calls made from the Global Console to the server, such as the name of the VMware Smart Assurance user who invoked the call and the time of the invocation. These API calls include calls that interact with the remote object repository in each VMware Smart Assurance server (for example, the API names may be put, insert, and invokeOperation).

The raw audit log output is written to a file named <server_name>_audit.log in the BASEDIR/<productsuite>/smarts/local/logs directory. For example, the raw audit log for an VMware Smart Assurance IP AM server would be INCHARGE-AM_audit.log which would be located in the BASEDIR /IP/smarts/local/logs directory. The raw audit log file automatically rolls to a new file when the size of the log file exceeds 1 MG. The size at which the log file will roll is configurable via the SM_AUDIT_CLIENT_LENGTH environment variable. You may set this environmental variable by adding it to the file.

In some cases, information in the raw audit log may not correspond to expected higher level functions. In these cases, the raw audit log information is the same as that printed in the final audit log file.

Some of the configuration functions available from the VMware Smart Assurance Global Console are aggregated into XML source data passed from the Global Console to the server. The XML data may contain one or more changes related to different types of configurable entities. In these cases, the VMware Smart Assurance Audit Log Adapter does not interpret the XML data to determine the specific changes made, but instead indicates that one of the set of configurable entities has changed and provides the specific XML data. The final audit log output will indicate that one of these has changed with the pertinent XML source data providing the changed information.