If you are a VMware Cloud on AWS user with a trial subscription or VMware Cloud core subscription for vRealize Log Insight Cloud, vRealize Log Insight Cloud collects and analyzes audit logs generated in your Software-Defined Data Center (SDDC).

For information about configuring your NSX-T for VMware Cloud on AWS log source, navigate to the Log Sources page and under VMware Cloud, click NSX-T for VMware Cloud on AWS.

For information about vRealize Log Insight Cloud subscriptions, see vRealize Log Insight Cloud Subscriptions and Billing.

For information about using VMware Cloud on AWS, see the VMware Cloud on AWS documentation.

vRealize Log Insight Cloud classifies SDDC events matching the following rules as audit logs.

ESXi Audit Events
"text=(esx AND audit)"
"text =(hostd AND vmsvc AND vm AND snapshot)"
"text =(vim.event.HostConnectionLostEvent)"
vCenter Audit Events
"text = (vpxd AND event AND vim AND NOT originator)"
NSX-T Audit Events
"text = (nsx AND audit AND true AND comp AND reqid)"
NSX-T Firewall and Packet Log Events
"text = (nsx AND firewall AND inet)"
"text = (firewall_pktlog AND inet)"
User-Driven Activity Events
log_type Contains Activity
VMC Notification Gateway Events
log_type Contains Notification
VMware Site Recovery Events
log_type Contains vmw_vmc_srm_logs
VMware Cloud Services Audit Events
log_type Contains csp-audit
appname Contains IDPS_EVT