You configure alerts to system administrators and ISSO personas for all audit failure events and to inform them for every operation that adds, modifies, or deletes permissions in the vsphere.local domain.

Procedure

  1. In a Web browser, log in to vCenter Server by using the vSphere Client.
    Setting Value
    URL https://sfo01m01vc01.sfo01.rainpole.local/ui
    User name administrator@vsphere.local
    Password vsphere_admin_password
  2. In the Hosts and clusters inventory, select the sfo01mo1vc01.sfo01.rainpole.local vCenter Server instance.
  3. Click the Configure tab and under More, select Alarm Definitions.
  4. NIST80053-VI-VC-CFG-00412,NIST80053-VI-VC-CFG-00414,NIST80053-VI-VC-CFG-00416 Click Add to configure alerts for audit failure events for every operation that adds, modifies, or deletes permissions in the vsphere.local domain.
    1. On the Name and targets page, enter the settings and click Next.

      Setting

      Value

      Alarm name

      vim.event.PermissionsAll

      Target type

      vCenter Server
    2. On the Alarm rule 1 page, under If, enter vim.event.PermissionAddedEvent as a trigger and press Enter.
    3. Configure the remaining settings for the alarm and click Add another rule.

      Setting

      Value

      Trigger the alarm and

      Show as warning

      Send email notifications

      Off

      Send SNMP traps

      On

      Run script

      Off
    4. Configure two more rules and follow the prompts to finish the wizard.
      Table 1. Alarm Rule 2

      Setting

      Value

      If (trigger)

      vim.event.PermissionRemovedEvent

      Trigger the alarm and

      Show as warning
      Table 2. Alarm Rule 3

      Setting

      Value

      If (trigger)

      vim.event.PermissionUpdatedEvent

      Trigger the alarm and

      Show as warning
  5. NIST80053-VI-VC-CFG-00442 Configure an alert if an error occurs with the ESXi remote syslog connection.
    1. Click Add to open the New alarm definition wizard.
    2. On the Name and targets page, enter the settings and click Next.

      Setting

      Value

      Alarm name

      esx.problem.vmsyslogd.remote.failure

      Target type

      vCenter Server
    3. On the Alarm rule 1 page, under If, enter esx.problem.vmsyslogd.remote.failure as a trigger and press Enter.
    4. Configure the remaining settings for the alarm, click Next, and follow the prompts to finish the wizard.

      Setting

      Value

      Trigger the alarm and

      Show as warning

      Send email notifications

      Off

      Send SNMP traps

      On

      Run script

      Off
  6. Repeat the procedure for the sfo01w01vc01.sfo01.rainpole.local Compute vCenter Server in Region A.