vRealize Network Insight can capture an audit information of NSX objects quickly from the NSX-T Manager and NSX-V Manager. The information includes the user name who created or modified the NSX object, when the operation happened and the operation details on the object.
If you have enabled audit logs in NSX-T Manager or NSX-V Manager, vRealize Network Insight can collect the audit details for some of the NSX-T and NSX-V objects.
NSX-V
List of NSX-V objects for which
vRealize Network Insight collects audit details within three to five minutes.
- SecurityGroup
- SecurityGroupTranslation
- FirewallConfiguration
- FirewallStatus
- IPSet
- SecurityTag
- UniversalSecurityGroup
- UniversalSecurityGroupTranslation
- UniversalIPSet
The audit details of the NSX-V objects are captured for the Discovery, Property Change, and Delete events:
- Discovery
- Properties Change
- Delete
You can view the audit information on the timeline of the object also.
NSX-T
List of NSX-T objects for which
vRealize Network Insight collects audit details.
Note: The audit information is not available for the VMC Policy entities.
- NSGroup
- NSService
- NSServiceGroup
- NSFirewallRule
Note: The audit information is not available for the Delete event of the NSFirewallRule.
- IPSet
- NSX Policy Group
- NSX Policy Firewall Rule
The audit details of the NSX-T objects are captured for the Discovery, Property Change and the Delete events:
- Discovery
- Properties Change
- Delete
Note: The Delete events are not available on the enity dashboard. However, you can search the event to see the audit information.
Sample queries to see audit information
events where user = usernamediscovery events where user = usernamedelete events where user = usernamechange events where user = username
