vRealize Network Insight can capture an audit information of NSX objects quickly from the NSX-T Manager and NSX-V Manager. The information includes the user name who created or modified the NSX object, when the operation happened and the operation details on the object.
If you have enabled audit logs in NSX-T Manager or NSX-V Manager, vRealize Network Insight can collect the audit details for some of the NSX-T and NSX-V objects.
NSX-V
List of NSX-V objects for which
vRealize Network Insight collects audit details within three to five minutes.
- SecurityGroup
- SecurityGroupTranslation
- FirewallConfiguration
- FirewallStatus
- IPSet
- SecurityTag
- UniversalSecurityGroup
- UniversalSecurityGroupTranslation
- UniversalIPSet
The audit details of the NSX-V objects are captured for the Discovery, Property Change, and Delete alerts:
- Discovery
- Properties Change
- Delete
You can view the audit information on the timeline of the object also.
NSX-T
List of NSX-T objects for which
vRealize Network Insight collects audit details.
Note: The audit information is not available for the VMC Policy entities.
- NSGroup
- NSService
- NSServiceGroup
- NSFirewallRule
Note: The audit information is not available for the Delete alert of the NSFirewallRule.
- IPSet
- NSX Policy Group
- NSX Policy Firewall Rule
The audit details of the NSX-T objects are captured for the Discovery, Property Change and the Delete alerts:
- Discovery
- Properties Change
- Delete
Note: The Delete alerts are not available on the enity dashboard. However, you can search the alert to see the audit information.
Sample queries to see audit information
alerts where user = usernamediscovery alerts where user = usernamedelete alerts where user = usernamechange alerts where user = username
