vRealize Network Insight Cloud can capture an audit information of NSX objects quickly from the NSX-T Manager and NSX-V Manager. The information includes the user name who created or modified the NSX object, when the operation happened and the operation details on the object.

If you have enabled audit logs in NSX-T Manager or NSX-V Manager, vRealize Network Insight Cloud can collect the audit details for some of the NSX-T and NSX-V objects.

NSX-V

List of NSX-V objects for which vRealize Network Insight Cloud collects audit details within three to five minutes.
  • SecurityGroup
  • SecurityGroupTranslation
  • FirewallConfiguration
  • FirewallStatus
  • IPSet
  • SecurityTag
  • UniversalSecurityGroup
  • UniversalSecurityGroupTranslation
  • UniversalIPSet
The audit details of the NSX-V objects are captured for the Discovery, Property Change, and Delete alerts:
  • Discovery

  • Properties Change

  • Delete

You can view the audit information on the timeline of the object also.

NSX-T

List of NSX-T objects for which vRealize Network Insight Cloud collects audit details.
Note: The audit information is not available for the VMC Policy entities.
  • NSGroup
  • NSService
  • NSServiceGroup
  • NSFirewallRule
    Note: The audit information is not available for the Delete alert of the NSFirewallRule.
  • IPSet
  • NSX Policy Group
  • NSX Policy Firewall Rule
The audit details of the NSX-T objects are captured for the Discovery, Property Change and the Delete alerts:
  • Discovery

  • Properties Change
  • Delete

Note: The Delete alerts are not available on the enity dashboard. However, you can search the alert to see the audit information.

Sample queries to see audit information

  • alerts where user = username
  • discovery alerts where user = username
  • delete alerts where user = username
  • change alerts where user = username